From b08619c82a09b204e818a16e9ad6343ef9a1b9fd Mon Sep 17 00:00:00 2001
From: shyouhei
Date: Mon, 16 Aug 2010 07:31:35 +0000
Subject: merge revision(s) 29002: * lib/webrick/httpresponse.rb (WEBrick::HTTPResponse#set_error): Fix for possible cross-site scripting (CVE-2010-0541). Found by Apple, reported by Hideki Yamane. Patch by Hirokazu Nishio .
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_7@29006 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 lib/webrick/httpresponse.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'lib')
diff --git a/lib/webrick/httpresponse.rb b/lib/webrick/httpresponse.rb
index 62156b1abd..48fe4b07f8 100644
--- a/lib/webrick/httpresponse.rb
+++ b/lib/webrick/httpresponse.rb
@@ -209,7 +209,7 @@ module WEBrick
 @keep_alive = false
 self.status = HTTPStatus::RC_INTERNAL_SERVER_ERROR
 end
- @header['content-type'] = "text/html"
+ @header['content-type'] = "text/html; charset=ISO-8859-1"
 if respond_to?(:create_error_page)
 create_error_page()
-- 
cgit v1.2.3
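Review bot: The new `@header['content-type']` line hard-codes `charset=ISO-8859-1` with nothing in the code saying why, so a later cleanup could drop or change it and silently reopen CVE-2010-0541; I would add a comment above it such as `# Explicit charset keeps browsers from guessing the encoding of the error page (CVE-2010-0541); do not remove.` The header is also assigned before the `respond_to?(:create_error_page)` branch, so an application-supplied error page that is not Latin-1 would be labelled with the wrong charset unless it resets the header itself, which is worth stating in the same comment. Declaring the charset only helps if the text placed into the page is HTML-escaped; that part of `set_error` starts and ends outside this hunk, so it should be confirmed there.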