[Perlfect-search] sending an HTTP charset header
Daniel Naber email@example.com
Sat, 22 May 2004 00:17:49 +0200
On Thursday 20 May 2004 17:48, webmaster wrote:
> print "Content-Type: text/html; charset=", $CHARSET, "\n\n";
> I thought I'd ask what the developer(s) thought of this. Is there
> anything crucial that I've overlooked?

That is indeed a little bit cleaner than the <meta> tag. However, changing
it from iso-8859-1 to something else doesn't make much sense usually, as
you have to search with the same encoding that has been used for indexing.
But Perlfect Search only supports indexing iso-8859-1.

> Also, in a comment on results page template, there's a note about the
> importance of declaring a charset to prevent cross site attacks. How is
> such an attack carried out, and how does the charset prevent it? Just
> curious about that.

It is mentioned in the CERT advisory about cross site scripting, but I
think it is only possible in theory. If a browser uses a charset that's
different from the known charsets, even for the US-ASCII part, different
characters may be interpreted as HTML special characters. But these are
not escaped by the script. I'm not sure such an encoding is implemented in
any browser today.
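
The mechanism described in the reply above, as an added example that is not part of the original message or of Perlfect Search: output escaped under the assumption of ISO-8859-1 contains no tag characters when decoded as ISO-8859-1, but does when the same bytes are decoded under a charset whose ASCII range differs. Python's `utf-7` codec stands in for such a charset here; the function names and the sample input are constructed for illustration.

```python
import html
from email import message_from_string

TAG_CHARS = set("<>")  # characters that open or close an HTML tag


def content_type_header(charset: str) -> str:
    """CGI header with an explicit charset, like the Perl line quoted above."""
    return f"Content-Type: text/html; charset={charset}\n\n"


def declared_charset(header_block: str):
    """Return the charset named in the Content-Type header, or None if absent."""
    return message_from_string(header_block).get_content_charset()


def render(user_input: str) -> bytes:
    """Escape HTML specials as a script assuming ISO-8859-1 would, then serialise."""
    return html.escape(user_input, quote=True).encode("iso-8859-1", errors="replace")


def tag_chars_seen(body: bytes, charset: str) -> set:
    """Tag characters a client sees if it decodes the body using `charset`."""
    return TAG_CHARS & set(body.decode(charset, errors="replace"))


# Constructed sample: plain ASCII with nothing for the escaper to escape.
SAMPLE = "+ADw-b+AD4-hello"

if __name__ == "__main__":
    body = render(SAMPLE)
    print("escaped bytes:       ", body)
    print("as iso-8859-1:       ", tag_chars_seen(body, "iso-8859-1"))
    print("as utf-7:            ", tag_chars_seen(body, "utf-7"))
    # Ordinary markup is neutralised under either decoding.
    print("'<b>' escaped, utf-7:", tag_chars_seen(render("<b>"), "utf-7"))
    # With the header present the client has no reason to guess the charset.
    print("declared charset:    ", declared_charset(content_type_header("iso-8859-1")))
    print("no charset declared: ", declared_charset("Content-Type: text/html\n\n"))
```
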