Description
When the character encoding is not explicitly defined in web content, browsers may resort to guessing or using a default encoding. This can lead to misinterpretation of characters and vulnerabilities such as Cross-Site Scripting (XSS), where attackers may exploit different encodings like UTF-7. It is crucial to specify the character encoding to ensure proper rendering and prevent security risks.
Recommendation
To mitigate this issue, ensure that the character encoding is explicitly defined in either the HTTP header or HTML meta tags. You can set the character encoding in the HTTP header using the Content-Type header field or within HTML meta tags as shown below:
Content-Type: text/html; charset=UTF-8
or
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
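One way to check a response for this finding, given here as an added example rather than code from the original advisory. It looks for an explicit charset first in the Content-Type header and then in a meta tag near the top of the body. The helper names and the sample responses are constructed for illustration.

```python
import re
from email.message import Message

# Added example: helper names are illustrative, not from a scanner or library.
# The HTML standard requires a <meta> charset declaration in the first 1024 bytes.
META_SCAN_BYTES = 1024
META_CHARSET = re.compile(
    rb"<meta[^>]+charset\s*=\s*[\"']?\s*([A-Za-z0-9._:-]+)", re.IGNORECASE)
HTML_TYPES = {"text/html", "application/xhtml+xml"}

def header_charset(content_type):
    """Return the charset parameter of a Content-Type value, or None."""
    if not content_type:
        return None
    msg = Message()
    msg["Content-Type"] = content_type
    value = msg.get_param("charset")
    return value.lower() if isinstance(value, str) and value else None

def meta_charset(body):
    """Return the charset declared by a <meta> tag near the top of the body."""
    match = META_CHARSET.search(body[:META_SCAN_BYTES])
    return match.group(1).decode("ascii").lower() if match else None

def audit(content_type, body):
    """Return (verdict, source, charset) for one response."""
    mime = (content_type or "").split(";")[0].strip().lower()
    if mime and mime not in HTML_TYPES:
        return ("not-html", None, None)
    charset = header_charset(content_type)
    if charset:
        return ("ok", "header", charset)  # the header wins over <meta>
    charset = meta_charset(body)
    if charset:
        return ("ok", "meta", charset)
    return ("missing", None, None)

# Constructed sample responses (not captured traffic).
SAMPLES = [
    ("text/html; charset=UTF-8", b"<html><body>hi</body></html>"),
    ("text/html", b'<html><head><meta charset="utf-8"></head></html>'),
    ("text/html", b"<html><head><title>x</title></head></html>"),
    ("text/html", b"<html>" + b" " * 2000 + b'<meta charset="utf-8">'),
]

if __name__ == "__main__":
    for ctype, body in SAMPLES:
        print(ctype, "->", audit(ctype, body))
```

The last sample is reported as missing because its meta tag sits beyond the first 1024 bytes, so setting the charset in the HTTP header is the more robust of the two options.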