Adding the charset sounds like a good practice, especially in Keystone
which is security sensitive. See this old Python vulnerability:
http://python-security.readthedocs.io/vuln/cve-2011-4940_simplehttpserver_utf-7.html
"The list_directory() function in Lib/SimpleHTTPServer.py in
SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and
2.7.x before 2.7.2 does not place a charset parameter in the
Content-Type HTTP header, which makes it easier for remote attackers to
conduct cross-site scripting (XSS) attacks against Internet Explorer 7
via UTF-7 encoding."
Maybe in 2017, browsers don't have issues with encodings anymore, right? ;-)
I don't know the WebOb module, but I'm not surprised that it doesn't
already add charset='utf-8' *by default*.
Victor
Le 29/03/2017 à 23:54, Lance Bragstad a écrit :
The keystone gate is currently broken [0]. This seems related to a
previous change we made to be compatible with webob 1.7 [1]. Looks like
we missed a couple spots in the original patch that are failing now that
we're using a newer version of webob.
There is a solution up for review [2] that should unblock the gate.
[0]
http://logs.openstack.org/44/443344/6/gate/gate-keystone-python35/e162b3d/testr_results.html.gz
[1] https://review.openstack.org/#/c/422234/
[2] https://review.openstack.org/#/c/451559/
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
