The designer will ensure the web application assigns the character set on all web pages.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-16806 | APP3530 | SV-17806r1_rule | DCSQ-1 | Medium |
| Description |
|---|
| For web applications, setting the character set on the web page reduces the possibility of receiving unexpected input that uses other character set encodings by the web application. |
| STIG | Date |
|---|---|
| Application Security and Development Checklist | 2014-12-22 |
Details
| Check Text ( C-17804r1_chk ) |
|---|
| Ask the application representative to review web pages, and determine if the application sets the character set. Perl After the last header look for print "Content-Type: text/html; charset=utf-8\n\n"; PHP. Look for the header() function before any content is generated header('Content-type: text/html; charset=utf-8'); Java Servlets. Look for the setContentType method on the ServletResponse object Objectname.setContentType ("text/html;charset=utf-8"); JSP. Look for a page directives <%@ page contentType="text/html; charset=UTF-8" %> ASP Look for Response.charset <%Response.charset="utf-8"%> ASP.Net Look for Response.ContentEncoding Response.ContentEncoding = Encoding.UTF8; 1) If the application representative cannot demonstrate the above, it is a finding. |
| Fix Text (F-17095r1_fix) |
|---|
| Set the character set on all web pages. |