f7105a2773048be8229b80ca74a889c9b15348b6,src/java/org/apache/hadoop/http/HttpServer.java,QuotingInputFilter,doFilter,#ServletRequest#ServletResponse#FilterChain#,850

Before Change


      final HttpServletResponse httpResponse = (HttpServletResponse) response;
      // set the default to UTF-8 so that we don't need to worry about IE7
      // choosing to interpret the special characters as UTF-7
      httpResponse.setContentType("text/html;charset=utf-8");
      chain.doFilter(quoted, response);
    }

After Change


      HttpServletResponse httpResponse = (HttpServletResponse) response;

      String mime = inferMimeType(request);
      if (mime == null || mime.equals("text/html")) {
        // no extension or HTML with unspecified encoding, we want to
        // force HTML with utf-8 encoding
        // This is to avoid the following security issue:
        // http://openmya.hacker.jp/hasegawa/security/utf7cs.html
        httpResponse.setContentType("text/html; charset=utf-8");
      }
      chain.doFilter(quoted, httpResponse);
    }