Is there an easy way to specify all "normal" views is an ASP.NET MVC app are to have charset=utf-8 appended to the Content-Type? View() lacks an override that allows you to specify the Content-Type, and ActionResult and friends don't seem to expose anything, either. The motivation is obviously to work around Internet Explorer guessing the "correct" encoding type, which I in turn want to do to avoid UTF-7 XSS attacks.
views:
195answers:
2
A:
You could write an attribute for it:
public class CharsetAttribute : ActionFilterAttribute
{
public override void OnActionExecuted(ActionExecutedContext filterContext)
{
filterContext.HttpContext.Response.Headers["Content-Type"] += ";charset=utf-8";
}
}
Feel free to make it a bit smarter, but that's the general idea. Add it to your base controller class and your whole app is covered.
Craig Stuntz
2009-11-16 18:33:55
That'd work great if I were running in integrated pipeline mode, but I don't believe I'm allowed to muck with headers quite that way on IIS6 and earlier, am I?
Benjamin Pollack
2009-11-16 18:37:42
You can certainly add them; we've tested this, and it works. I haven't tried modifying an existing header, though. Give it a shot; it's easy to test.
Craig Stuntz
2009-11-16 18:48:11
+3
A:
Maybe this in your web.config will do the magic?
<globalization requestEncoding="utf-8" responseEncoding="utf-8" />
Mickel
2009-11-16 18:35:14
+1; I like this better than my suggestion, although I believe both will work.
Craig Stuntz
2009-11-16 18:48:42