[Python-checkins] cpython (2.5): Fix issue11442 (original) (raw)

[Python-checkins] cpython (2.5): Fix issue11442 - Add a charset parameter to the Content-type to avoid XSS

senthil.kumaran python-checkins at python.org
Thu Mar 17 07:49:52 CET 2011

• Previous message: [Python-checkins] cpython (2.7): toggle non-functional when NumLock set.
• Next message: [Python-checkins] cpython (merge 2.5 -> 2.6): merge from 2.5 branch.
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://hg.python.org/cpython/rev/e9724d7abbc2 changeset: 68640:e9724d7abbc2 branch: 2.5 parent: 68263:7790ad8332ba user: Senthil Kumaran <orsenthil at gmail.com> date: Thu Mar 17 12:34:18 2011 +0800 summary: Fix issue11442 - Add a charset parameter to the Content-type to avoid XSS attacks. Patch by Tom N. (Backported from py3k codeline).

files: Lib/SimpleHTTPServer.py

diff --git a/Lib/SimpleHTTPServer.py b/Lib/SimpleHTTPServer.py --- a/Lib/SimpleHTTPServer.py +++ b/Lib/SimpleHTTPServer.py @@ -16,6 +16,7 @@ import urllib import urlparse import cgi +import sys import shutil import mimetypes try: @@ -132,7 +133,8 @@ length = f.tell() f.seek(0) self.send_response(200)

•    self.send_header("Content-type", "text/html")

•    encoding = sys.getfilesystemencoding()

•    self.send_header("Content-type", "text/html; charset=%s" % encoding)
     self.send_header("Content-Length", str(length))
     self.end_headers()
     return f

-- Repository URL: http://hg.python.org/cpython

• Previous message: [Python-checkins] cpython (2.7): toggle non-functional when NumLock set.
• Next message: [Python-checkins] cpython (merge 2.5 -> 2.6): merge from 2.5 branch.
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Python-checkins mailing list