diff options
| -rw-r--r-- | ChangeLog | 7 | ||||
| -rw-r--r-- | lib/webrick/httpresponse.rb | 2 |
2 files changed, 8 insertions, 1 deletions
@@ -1,3 +1,10 @@ +Sun Aug 15 19:59:58 2010 Yuki Sonoda (Yugui) <yugui@yugui.jp> + + * lib/webrick/httpresponse.rb (WEBrick::HTTPResponse#set_error): + Fix for possible cross-site scripting (CVE-2010-0541). + Found by Apple, reported by Hideki Yamane. + Patch by Hirokazu Nishio <nishio.hirokazu AT gmail.com>. + Fri Jul 30 08:51:51 2010 Nobuyoshi Nakada <nobu@ruby-lang.org> * file.c (file_expand_path): home directory must be absolute. diff --git a/lib/webrick/httpresponse.rb b/lib/webrick/httpresponse.rb index 98c4a357fa..16bf15b6dd 100644 --- a/lib/webrick/httpresponse.rb +++ b/lib/webrick/httpresponse.rb @@ -208,7 +208,7 @@ module WEBrick @keep_alive = false self.status = HTTPStatus::RC_INTERNAL_SERVER_ERROR end - @header['content-type'] = "text/html" + @header['content-type'] = "text/html; charset=ISO-8859-1" if respond_to?(:create_error_page) create_error_page() |