diff options
author | shyouhei <shyouhei@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2010-08-16 07:31:35 +0000 |
---|---|---|
committer | shyouhei <shyouhei@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2010-08-16 07:31:35 +0000 |
commit | b08619c82a09b204e818a16e9ad6343ef9a1b9fd (patch) | |
tree | 08d0bda6ca053230a2c6f4d7789103a2341fa01e /lib | |
parent | 4b46ec3491389d581251357225b5e15501b6d086 (diff) |
merge revision(s) 29002:
* lib/webrick/httpresponse.rb (WEBrick::HTTPResponse#set_error):
Fix for possible cross-site scripting (CVE-2010-0541).
Found by Apple, reported by Hideki Yamane.
Patch by Hirokazu Nishio <nishio.hirokazu AT gmail.com>.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_7@29006 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'lib')
-rw-r--r-- | lib/webrick/httpresponse.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/webrick/httpresponse.rb b/lib/webrick/httpresponse.rb index 62156b1abd..48fe4b07f8 100644 --- a/lib/webrick/httpresponse.rb +++ b/lib/webrick/httpresponse.rb @@ -209,7 +209,7 @@ module WEBrick @keep_alive = false self.status = HTTPStatus::RC_INTERNAL_SERVER_ERROR end - @header['content-type'] = "text/html" + @header['content-type'] = "text/html; charset=ISO-8859-1" if respond_to?(:create_error_page) create_error_page() |