[Twisted-web] twisted.web.template output encoding
glyph at twistedmatrix.com
Sun Nov 27 16:12:52 EST 2011
I should probably respond to the rest of the post as well, but...:
On Nov 26, 2011, at 11:52 AM, exarkun at twistedmatrix.com wrote:
> including the bytes in a page with a content type of "text/html".
It's pretty much always wrong to give a page the content type of "text/html". Browsers will then guess the encoding based on wonky heuristics about the page, which in certain obscure cases can lead to security problems (see <https://en.wikipedia.org/wiki/UTF-7#Security>).
So, in addition to whatever other fix is done here, the encoding on the error page should be adjusted to be explicit about its character set.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Twisted-web