On 09:12 pm, [email protected] wrote: >I should probably respond to the rest of the post as well, but...: > >On Nov 26, 2011, at 11:52 AM, [email protected] wrote: >>including the bytes in a page with a content type of "text/html". > >It's pretty much always wrong to give a page the content type of >"text/html". Browsers will then guess the encoding based on wonky >heuristics about the page, which in certain obscure cases can lead to >security problems (see <https://en.wikipedia.org/wiki/UTF-7#Security>). > >So, in addition to whatever other fix is done here, the encoding on the >error page should be adjusted to be explicit about its character set.
I filed http://tm.tl/5416 for this. Jean-Paul _______________________________________________ Twisted-web mailing list [email protected] http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-web
