Evan Martin (evan) wrote in evan_tech,
Evan Martin
evan
evan_tech

subtle

So I was trying to figure out why neugierig.org was serving pages with a charset=iso-8859-1 HTTP header, and I eventually found it. Kinda interesting, really:

The problem is that the default charset is undefined, which means on pages with an unspecified charset there are subtle cross-site-scripting bugs where the server thinks it has properly escaped HTML but the client doesn’t. (Think UTF-16, where < has a different representation than the single byte UTF-8 uses.)

So Debian’s Apache is configured by default to add that Content-Type header. And that has the final effect that my (UTF-8, in theory) pages aren’t being served with the right charset.

(Credit: All of this is from this LJ post, which I found through Google.)
Subscribe
  • Post a new comment

    Error

    default userpic
    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.
  • 0 comments