Fix issue11442 - Add a charset parameter to the Content-type to avoid XSS attacks.

Patch by Tom N. (Backported from py3k codeline).

Fix issue11442 - Add a charset parameter to the Content-type to avoid XSS attacks.
Patch by Tom N. (Backported from py3k codeline).
3853586e · Senthil Kumaran · 6e0a8b8a · 3853586e
Commit 3853586e authored Mar 17, 2011 by Senthil Kumaran
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 1 deletion

Lib/SimpleHTTPServer.py Lib/SimpleHTTPServer.py +3 -1

No files found.
--- a/Lib/SimpleHTTPServer.py
+++ b/Lib/SimpleHTTPServer.py
@@ -16,6 +16,7 @@ import BaseHTTPServer
 import urllib
 import urlparse
 import cgi
+import sys
 import shutil
 import mimetypes
 try:
@@ -132,7 +133,8 @@ class SimpleHTTPRequestHandler(BaseHTTPServer.BaseHTTPRequestHandler):
        length = f.tell()
        f.seek(0)
        self.send_response(200)
-        self.send_header("Content-type", "text/html")
+        encoding = sys.getfilesystemencoding()
+        self.send_header("Content-type", "text/html; charset=%s" % encoding)
        self.send_header("Content-Length", str(length))
        self.end_headers()
        return f