Re: Bug#257775: AddDefaultCharset default setting is misleading
On Tue, Jul 06, 2004 at 07:10:10AM +0200, Fabio Massimo Di Nitto wrote:
> This thing has been discussed over and over. This is the last reference to
> it:
>
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=211889&archive=yes
>
> Since setting AddDefaultCharset off can imply security problem we will
> never switch it to off. For more information please check the previous URL
> and the apache documentation on httpd.apache.org
I think the real bug here is in the html specification -- it says the
server's setting overrides the document's setting, which just seems daft.
My understanding of the security problem is that you need to always set
_some_ charset encoding. So I think it'd be a good idea to always set
utf-8 rather than latin1 in new installations.
--
"Next the statesmen will invent cheap lies, putting the blame upon
the nation that is attacked, and every man will be glad of those
conscience-soothing falsities, and will diligently study them, and refuse
to examine any refutations of them; and thus he will by and by convince
himself that the war is just, and will thank God for the better sleep
he enjoys after this process of grotesque self-deception." -- Mark Twain
Reply to: