changeset: 68640:e9724d7abbc2
branch: 2.5
parent: 68263:7790ad8332ba
user: Senthil Kumaran
date: Thu Mar 17 12:34:18 2011 +0800
files: Lib/SimpleHTTPServer.py
description: Fix issue11442 - Add a charset parameter to the Content-type to avoid XSS attacks. Patch by Tom N. (Backported from py3k codeline).
diff -r 7790ad8332ba -r e9724d7abbc2 Lib/SimpleHTTPServer.py
--- a/Lib/SimpleHTTPServer.py Sat Mar 05 20:38:24 2011 +0100
+++ b/Lib/SimpleHTTPServer.py Thu Mar 17 12:34:18 2011 +0800
@@ -16,6 +16,7 @@
 import urllib
 import urlparse
 import cgi
+import sys
 import shutil
 import mimetypes
 try:
@@ -132,7 +133,8 @@
 length = f.tell()
 f.seek(0)
 self.send_response(200)
- self.send_header("Content-type", "text/html")
+ encoding = sys.getfilesystemencoding()
+ self.send_header("Content-type", "text/html; charset=%s" % encoding)
 self.send_header("Content-Length", str(length))
 self.end_headers()
 return f
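Review bot: In the second hunk, the result of `sys.getfilesystemencoding()` is interpolated into the header unchecked, and on Python 2 that call may return `None`, which would send `charset=None`; that is not a valid charset label, so a browser would presumably fall back to guessing the encoding, the behaviour this change is meant to prevent. A fallback such as `encoding = sys.getfilesystemencoding() or sys.getdefaultencoding()` keeps the header well-formed. The declared charset also only helps if the listing bytes written to `f` really are in that encoding; the code that builds the listing lies outside the hunk, so that should be confirmed there. A short comment above the header line, for example `# explicit charset so browsers do not sniff the listing's encoding (issue11442)`, would record why the parameter is present.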