jinjalint-meta-charset

tl;dr HTML documents should include a <meta> charset declaration in the <head> of the document. This prevents the browser from incorrectly interpreting the character encoding of the document. The character encoding can impact the security of the web page.

Description

Web pages missing a <meta> charset declaration may be vulnerable to many different esoteric forms of XSS attacks, such as Javascript execution via CESU-8, UTF-7, BOCU-1, or SCSU encoding.

This check will detect the following case.

<html>
    <body>
        ...
    </body>
</html>

The check will consider the following cases acceptable.

<html>
    <head>
        <meta charset="UTF-8">
    </head>
    <body>
        ...
    </body>
</html>

References