[issue19470] email.header.Header - should not allow two newlines in a row
R. David Murray
report at bugs.python.org
Fri Nov 1 14:36:17 CET 2013
R. David Murray added the comment:
I'm not sure how appropriate it is to "validate" a header using the Header object. Header is for *composing* internationalized headers, and does no validation to speak of. However, if you'd like to write a patch to add this check, I would probably commit it, since it is analogous to issue 5871.
However, since the security issue was already dealt with in issue 5871, this fix would be a convenience (detecting the issue earlier). On the flip side, it would also be a behavior change, so there might be objections to backporting it. (Do any programs use Header for things other than composing email messages and actually rely on embedded newlines? I hope not, but you never know :)
Further, if you use the new policies available in 3.3 and 3.4 (currently provisional, but they are the Way of the Future ;), you don't ever need to use Header objects, and embedded newlines are rejected as soon as you try to assign a string containing them as a header value in a message object.
----------
components: +email
nosy: +barry
type: security -> behavior
versions: +Python 3.4
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue19470>
_______________________________________
More information about the Python-bugs-list
mailing list