[Twisted-web] twisted.web.template output encoding

exarkun at twistedmatrix.com exarkun at twistedmatrix.com
Sun Nov 27 17:55:17 EST 2011


On 09:12 pm, glyph at twistedmatrix.com wrote:
>I should probably respond to the rest of the post as well, but...:
>
>On Nov 26, 2011, at 11:52 AM, exarkun at twistedmatrix.com wrote:
>>including the bytes in a page with a content type of "text/html".
>
>It's pretty much always wrong to give a page the content type of 
>"text/html".  Browsers will then guess the encoding based on wonky 
>heuristics about the page, which in certain obscure cases can lead to 
>security problems (see <https://en.wikipedia.org/wiki/UTF-7#Security>).
>
>So, in addition to whatever other fix is done here, the encoding on the 
>error page should be adjusted to be explicit about its character set.

I filed http://tm.tl/5416 for this.

Jean-Paul



More information about the Twisted-web mailing list