Bug#734284: git: mojibake in gitweb serving raw blobs

2016-09-10 Thread Anders Kaseorg
On Wed, 7 Sep 2016, Thorsten Glaser wrote:
> In real life, it does help: if none is specified, various user agents
> may (and do¹) guess. This occasionally helps.

And occasionally leads to security vulnerabilities:
http://nedbatchelder.com/blog/200704/xss_with_utf7.html

Even aside from those ki

Bug#734284: git: mojibake in gitweb serving raw blobs

2016-09-07 Thread Thorsten Glaser
Anders Kaseorg dixit:

>On Sun, 5 Jan 2014, Thorsten Glaser wrote:
>> The correct fix here is to prevent p5-CGI from adding any charset
>> if none was already given (e.g. via guess_mimetype).
>
>That will not help you, because HTTP also specifies the default charset
>for text/* as ISO-8859-1 if not

Bug#734284: git: mojibake in gitweb serving raw blobs

2014-01-05 Thread Thorsten Glaser
Package: git
Version: 1:1.7.10.4-1+wheezy1
Severity: normal
Tags: patch

Hi *,

gitweb uses p5-CGI which, according to its perldoc, defaults to latin1
if no charset is given. This causes mojibake:

$ env GATEWAY_INTERFACE=CGI/1.1 REQUEST_METHOD=GET \
    REQUEST_URI=/gitweb/ SERVER_PROTOCOL=HTTP/1.