views: 38

answers: 2

I am thinking about setting the php.ini, my.cnf and httpd.conf default charsets=UTF-8.

The website is in Swedish lang only.

I have some folders with special chars in them, also some files.

Is there any harm in doing this?

Is it cross-browser safe?

Thanks

+1  A: 

The only possible harm is that the HTTP daemon may tell the browser the charset (encoding) of the web page or other resource is UTF-8 when it actually isn't.

In general, it's a bad idea to set a default charset unless you're sure all the resources are UTF-8 or you're prepared to override the default on a case-by-case basis. Remember the charset specified in the HTTP headers overrides whatever you specify in the page itself. Browsers nowadays have powerful heuristics to determine the charset of the pages if it's not specified, so it's better to have no charset specified than having a wrong charset specified.

Artefacto

A: 

Yes, vulnerabilities can be introduced by changing your charset.

There can be problems with SQL injection if you change your MySQL client's encoding to GBK, because this breaks addslashes(). I don't think this is a problem for UTF8 although I haven't tested it. In any case you should make sure you use mysql_real_escape_string(), or even better use a parameterized query library like PDO which automatically uses mysql_real_escape_string() if you are connected to a MySQL database.

For XSS I would use htmlspecialchars($var,ENT_QUOTES,'UTF-8').

Rook
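
An added example (not part of either answer above) that checks the charset property behind the addslashes() remark: byte-level escaping is only reliable when the backslash byte 0x5C can never be the second byte of a multibyte character in the connection charset. It assumes Python's codecs as stand-ins for the MySQL charsets of the same family; the function names are hypothetical.

```python
# Added example: audit which charsets let a lead byte absorb an escaping backslash.
# Assumption: Python's "gbk", "big5" and "shift_jis" codecs model the byte
# structure of the corresponding MySQL connection charsets.

ESCAPE = 0x5C  # the backslash byte that addslashes() puts in front of a quote


def backslash_trail_leads(charset):
    """Return every high byte L for which the pair (L, 0x5C) decodes as ONE
    character, i.e. the inserted backslash would stop being a backslash."""
    leads = []
    for lead in range(0x80, 0x100):
        try:
            text = bytes([lead, ESCAPE]).decode(charset)
        except UnicodeDecodeError:
            continue  # not a valid sequence in this charset
        if len(text) == 1:
            leads.append(lead)
    return leads


def byte_escaping_is_safe(charset):
    """True when no multibyte character in the charset ends in 0x5C."""
    return not backslash_trail_leads(charset)


def audit(charsets=("utf-8", "latin-1", "gbk", "big5", "shift_jis")):
    """Map each charset name to whether byte-level escaping survives decoding."""
    return {cs: byte_escaping_is_safe(cs) for cs in charsets}


if __name__ == "__main__":
    for name, safe in audit().items():
        verdict = "safe" if safe else "UNSAFE: 0x5C is a valid trail byte"
        print(f"{name:10s} {verdict}")
```

UTF-8 passes because its continuation bytes are always in the range 0x80 to 0xBF, so an ASCII backslash is never part of a longer character; escaping that is aware of the connection charset, or parameterized queries, removes the dependency altogether.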