diff options
author | yugui <yugui@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2010-08-16 00:53:48 +0000 |
---|---|---|
committer | yugui <yugui@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2010-08-16 00:53:48 +0000 |
commit | 2e632711482dfbfc8e18990be485fbed4784a095 (patch) | |
tree | 1b592e44222f62de96a7b7b68c5324a37983a845 /lib | |
parent | 10bc4d23ce3bca75672c98f403a622448f050073 (diff) |
* lib/webrick/httpresponse.rb (WEBrick::HTTPResponse#set_error):
Fix for possible cross-site scripting (CVE-2010-0541).
Found by Apple, reported by Hideki Yamane.
Patch by Hirokazu Nishio <nishio.hirokazu AT gmail.com>.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_1@28997 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'lib')
-rw-r--r-- | lib/webrick/httpresponse.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/webrick/httpresponse.rb b/lib/webrick/httpresponse.rb index 740a8fe921..e0e8dc9826 100644 --- a/lib/webrick/httpresponse.rb +++ b/lib/webrick/httpresponse.rb @@ -208,7 +208,7 @@ module WEBrick @keep_alive = false self.status = HTTPStatus::RC_INTERNAL_SERVER_ERROR end - @header['content-type'] = "text/html" + @header['content-type'] = "text/html; charset=ISO-8859-1" if respond_to?(:create_error_page) create_error_page() |