HawkScan Test Info for User Controllable Charset

User Controllable Charset

Reference

Plugin Id: 10030 | CWE: 20

Remediation

  1. Force UTF-8 encoding: Explicitly set charset=utf-8 in the Content-Type header of every response (and in the HTML meta charset tag, where one is used), so the browser never has to guess the encoding and no request value can change it.
  2. Server-side charset control: Derive charset declarations from server configuration or application constants only, never from query parameters, form fields, request headers or cookies.
  3. Input validation: If a request value legitimately selects an encoding (for example a download format), map it onto a fixed allow-list of supported charsets and fall back to UTF-8 for anything else; never copy the raw value into the Content-Type header or a meta tag.
  4. Framework configuration: Configure the web framework or application server to emit the charset on every response by default, so individual handlers cannot omit or override it by accident.
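The example below, added here and not part of the HawkScan documentation or the scanner's own code, shows the condition this plugin reports and the remediation in working form. It assumes a constructed request URL with a charset query parameter, a hypothetical vulnerable handler that copies that parameter into both the Content-Type header and the meta tag, a hardened handler that pins charset=utf-8, an allow-list mapper for the case where an encoding must genuinely be selectable, and a small detector that mirrors the passive check: it flags any request parameter value that reappears verbatim as a declared charset.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample request: the attacker chooses the charset through a query parameter.
SAMPLE_URL = "https://app.example.test/page?lang=en&charset=UTF-7"

# charset=... inside a Content-Type header value (quotes optional).
CONTENT_TYPE_CHARSET = re.compile(r'charset\s*=\s*"?([A-Za-z0-9_\-.:]+)', re.I)
# Matches both <meta charset="..."> and <meta http-equiv="Content-Type" content="...; charset=...">.
META_CHARSET = re.compile(r'<meta[^>]+charset\s*=\s*["\']?([A-Za-z0-9_\-.:]+)', re.I)


def vulnerable_handler(url):
    """'Before' (hypothetical): the charset parameter flows straight into the response."""
    params = parse_qs(urlsplit(url).query)
    charset = params.get("charset", ["utf-8"])[0]
    headers = {"Content-Type": f"text/html; charset={charset}"}
    body = f'<html><head><meta charset="{charset}"></head><body>hello</body></html>'
    return headers, body


def hardened_handler(url):
    """'After': the charset is a server-side constant; the request parameter is ignored."""
    headers = {"Content-Type": "text/html; charset=utf-8"}
    body = '<html><head><meta charset="utf-8"></head><body>hello</body></html>'
    return headers, body


# Remediation step 3: when an encoding really must be selectable (e.g. a legacy export),
# map the request value onto a fixed allow-list and fall back to UTF-8 for anything else.
ALLOWED_CHARSETS = {"utf-8": "utf-8", "iso-8859-1": "iso-8859-1"}


def allowlisted_charset(requested):
    """Return a canonical charset from the allow-list, never the raw request value."""
    return ALLOWED_CHARSETS.get((requested or "").strip().lower(), "utf-8")


def declared_charsets(headers, body):
    """Collect every charset the response declares, with where it was declared."""
    found = []
    match = CONTENT_TYPE_CHARSET.search(headers.get("Content-Type", ""))
    if match:
        found.append(("Content-Type header", match.group(1)))
    for match in META_CHARSET.finditer(body):
        found.append(("meta tag", match.group(1)))
    return found


def user_controllable_charset(url, headers, body):
    """Mirror of the passive check: report (location, parameter, charset) for every
    request parameter whose value appears verbatim as a declared charset."""
    params = parse_qs(urlsplit(url).query)
    findings = []
    for location, charset in declared_charsets(headers, body):
        for name, values in params.items():
            if any(v and v.lower() == charset.lower() for v in values):
                findings.append((location, name, charset))
    return findings


if __name__ == "__main__":
    for handler in (vulnerable_handler, hardened_handler):
        hdrs, html = handler(SAMPLE_URL)
        print(handler.__name__, user_controllable_charset(SAMPLE_URL, hdrs, html))
```

The detector matches on value equality only, so a parameter whose value happens to equal the server's fixed charset (a client sending charset=utf-8 to the hardened handler) would still be reported; when triaging a finding, change the parameter value and confirm the declared charset changes with it before treating it as user-controlled.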

About

User Controllable Charset findings occur when user-supplied input (query string parameters or POST data) can influence the charset declared in a response's Content-Type header or in an HTML meta tag; the check flags responses in which a request parameter value appears verbatim as the declared charset. If an attacker can choose the charset, the browser decodes the response bytes differently from the way the server's filters and output encoders processed them, so byte sequences that were harmless under the intended encoding can decode to markup characters under the attacker's choice, turning escaped output into cross-site scripting.

Risks

High

Charset manipulation can enable XSS, content injection and other character-encoding attacks that bypass standard security controls: the classic cases are forcing UTF-7 in older browsers, where the encoded form of a script tag contains no literal angle brackets, and multibyte encodings in which a stray lead byte swallows the quote or bracket that was meant to terminate an attribute. Because server-side validation and output encoding saw well-formed, escaped text, the injected script typically passes those filters unnoticed.