You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by kp...@apache.org on 2013/11/09 15:10:17 UTC
svn commit: r1540306 - /tomcat/trunk/webapps/docs/config/filter.xml
Author: kpreisser
Date: Sat Nov 9 14:10:17 2013
New Revision: 1540306
URL: http://svn.apache.org/r1540306
Log:
Internet Explorer (9 - 11) has an option to enable charset guessing if not charset is specified, but it is not enabled by default.
Modified:
tomcat/trunk/webapps/docs/config/filter.xml
Modified: tomcat/trunk/webapps/docs/config/filter.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/filter.xml?rev=1540306&r1=1540305&r2=1540306&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/config/filter.xml (original)
+++ tomcat/trunk/webapps/docs/config/filter.xml Sat Nov 9 14:10:17 2013
@@ -57,8 +57,8 @@
media sub-types of the "text" media type, the ISO-8859-1 character set must
be used. However, browsers may attempt to auto-detect the character set.
This may be exploited by an attacker to perform an XSS attack. Internet
- Explorer has this behaviour by default. Other browsers have an option to
- enable it.</p>
+ Explorer and other browsers have an option to
+ enable this behavior.</p>
<p>This filter prevents the attack by explicitly setting a character set.
Unless the provided character set is explicitly overridden by the user the
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org