Daniel Naber wrote:

> On Thursday 20 May 2004 17:48, webmaster wrote:
> 
>> print "Content-Type: text/html; charset=", $CHARSET, "\n\n";
> 
> That is indeed a little bit cleaner than the <meta> tag. However,
> changing it from iso-8895-1

I'm assuming you meant iso-8859-1 (not 8895-1 as you wrote).

> to something else doesn't make much sense usually, as you have to
> search with the same encoding that has been used for indexing. But
> Perlfect Search only supports indexing iso-8895-1.

Ah, I didn't realize that. So I can just hardcode the charset in
search.pl, then?

>> How is such an attack carried out, and how does the charset prevent
>> it?
> 
> It is mentioned in the CERT advisory about cross site scripting, but
> I think it only possible in theory.

Thanks for the info.

-- 
webmaster/admin:
http://www.tsmchughs.com/