Hubert Seiwert wrote Monday, June 26, 2006 1:57 PM
> I don't currently see how this "ascii vulnerability" would make code
> injection possible on webservers where the Content-Type is not
> US-ASCII already, as the 3 methods mentioned to change the charset
> (http-equiv content-type header, CSS @...
> I don't currently see how this "ascii vulnerability" would make code
> injection possible on webservers where the Content-Type is not
> US-ASCII already, as the 3 methods mentioned to change the charset
> (http-equiv content-type header, CSS @...
[ more ]