cpython: e9724d7abbc2 (original) (raw)

Mercurial > cpython

changeset 68640:e9724d7abbc2 2.5

Fix issue11442 - Add a charset parameter to the Content-type to avoid XSS attacks. Patch by Tom N. (Backported from py3k codeline). [#11442]

Senthil Kumaran orsenthil@gmail.com
date	Thu, 17 Mar 2011 12:34:18 +0800
parents	7790ad8332ba
children	8cdb95cf096e 3074c77b7121
files	Lib/SimpleHTTPServer.py
diffstat	1 files changed, 3 insertions(+), 1 deletions(-)[+] [-] Lib/SimpleHTTPServer.py 4

line wrap: on

line diff

--- a/Lib/SimpleHTTPServer.py +++ b/Lib/SimpleHTTPServer.py @@ -16,6 +16,7 @@ import BaseHTTPServer import urllib import urlparse import cgi +import sys import shutil import mimetypes try: @@ -132,7 +133,8 @@ class SimpleHTTPRequestHandler(BaseHTTPS length = f.tell() f.seek(0) self.send_response(200)

   self.send_header("Content-type", "text/html")[](#l1.15)

   encoding = sys.getfilesystemencoding()[](#l1.16)

   self.send_header("Content-type", "text/html; charset=%s" % encoding)[](#l1.17)
   self.send_header("Content-Length", str(length))[](#l1.18)
   self.end_headers()[](#l1.19)
   return f[](#l1.20)