f7105a2773048be8229b80ca74a889c9b15348b6,src/java/org/apache/hadoop/http/HttpServer.java,QuotingInputFilter,doFilter,#ServletRequest#ServletResponse#FilterChain#,850
Before Change
final HttpServletResponse httpResponse = (HttpServletResponse) response;
// set the default to UTF-8 so that we don't need to worry about IE7
// choosing to interpret the special characters as UTF-7
httpResponse.setContentType("text/html;charset=utf-8");
chain.doFilter(quoted, response);
}
After Change
HttpServletResponse httpResponse = (HttpServletResponse) response;
String mime = inferMimeType(request);
if (mime == null || mime.equals("text/html")) {
// no extension or HTML with unspecified encoding, we want to
// force HTML with utf-8 encoding
// This is to avoid the following security issue:
// http://openmya.hacker.jp/hasegawa/security/utf7cs.html
httpResponse.setContentType("text/html; charset=utf-8");
}
chain.doFilter(quoted, httpResponse);
}