Commits

Senthil Kumaran committed e9724d7

Fix issue11442 - Add a charset parameter to the Content-type to avoid XSS attacks.
Patch by Tom N. (Backported from py3k codeline).

  • Parent commits 7790ad8
  • Branches 2.5

Files changed (1)

Lib/SimpleHTTPServer.py

 import urllib
 import urlparse
 import cgi
+import sys
 import shutil
 import mimetypes
 try:
         length = f.tell()
         f.seek(0)
         self.send_response(200)
-        self.send_header("Content-type", "text/html")
+        encoding = sys.getfilesystemencoding()
+        self.send_header("Content-type", "text/html; charset=%s" % encoding)
         self.send_header("Content-Length", str(length))
         self.end_headers()
         return f
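
Review bot: `encoding = sys.getfilesystemencoding()` is used unchecked, and on Python 2.x that call is documented to return None when the system default encoding is in use, so the header can go out as `text/html; charset=None`. A browser will not recognise that label, so it falls back to guessing the encoding, which is the behaviour the commit message sets out to prevent. Suggest a fallback before formatting the header, for example `encoding = sys.getfilesystemencoding() or sys.getdefaultencoding()`. Separately, the visible lines only change the declared charset; the bytes already written to `f` are not re-encoded here, so it is worth confirming that the listing body really is in the encoding the header names, and adding a short comment on why the filesystem encoding was chosen.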