From 29b30b66f3eaba883827b3da607e3dc31a45e0ad Mon Sep 17 00:00:00 2001
From: shyouhei <shyouhei@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Mon, 16 Aug 2010 03:41:12 +0000
Subject: [PATCH] merge revision(s) 28997: 	* lib/webrick/httpresponse.rb
 (WEBrick::HTTPResponse#set_error): 	  Fix for possible cross-site
 scripting (CVE-2010-0541). 	  Found by Apple, reported by Hideki Yamane. 
   Patch by Hirokazu Nishio <nishio.hirokazu AT gmail.com>.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@29002 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 ChangeLog                   | 7 +++++++
 lib/webrick/httpresponse.rb | 2 +-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 8d6145d5fe..a9d3fe5c5b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+Sun Aug 15 19:59:58 2010  Yuki Sonoda (Yugui)  <yugui@yugui.jp>
+
+	* lib/webrick/httpresponse.rb (WEBrick::HTTPResponse#set_error):
+	  Fix for possible cross-site scripting (CVE-2010-0541). 
+	  Found by Apple, reported by Hideki Yamane.
+	  Patch by Hirokazu Nishio <nishio.hirokazu AT gmail.com>.
+
 Mon Aug 16 12:29:06 2010  Nobuyoshi Nakada  <nobu@ruby-lang.org>
 
 	* Makefile.in, win32/Makefile.sub (test-rubyspec-precheck): split
diff --git a/lib/webrick/httpresponse.rb b/lib/webrick/httpresponse.rb
index 98c4a357fa..16bf15b6dd 100644
--- a/lib/webrick/httpresponse.rb
+++ b/lib/webrick/httpresponse.rb
@@ -208,7 +208,7 @@ module WEBrick
         @keep_alive = false
         self.status = HTTPStatus::RC_INTERNAL_SERVER_ERROR
       end
-      @header['content-type'] = "text/html"
+      @header['content-type'] = "text/html; charset=ISO-8859-1"
 
       if respond_to?(:create_error_page)
         create_error_page()