[web-devel] XSS vs charset
Kazu Yamamoto (=?iso-2022-jp?B?GyRCOzNLXE9CSScbKEI=?=)
kazu at iij.ad.jp
Wed Apr 2 05:02:36 UTC 2014
Hi all,
I heard that if an HTTP server does not specify charset for text/html
in HTTP responses, XSS would be possible:
http://openmya.hacker.jp/hasegawa/security/utf7cs.html
I would like to change Mighty to specify charset=UTF-8. Before that, I
would like to discuss some items on this ML.
- Can we assume that recent contents are written in UTF-8?
For Japanese community, the answer is probably YES.
- Which components should spcify charset=UTF-8?
The mime-types package?
--Kazu
More information about the web-devel
mailing list