cgi security

Andrew Kuchling akuchlin at mems-exchange.org
Wed Apr 4 10:40:36 EDT 2001


Moshe Zadka <moshez at zadka.site.co.il> writes:
> No it isn't. Neither important, nor possible in general. Well, it is possible
> but the best regex people have come up with is ~10k characters and still 
> doesn't deal with the corner cases. 
> You want to make sure you got a valid addy? Send mail to it.

It might be worth removing newlines from the submitted address though;
if the CGI is doing ('From: %s' % addr), someone could be adding
additional headers to the message such as CC:.  In theory you could
abuse this to spam through a script.  

--amk
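
The header injection this message describes and the newline removal it suggests, as an added example that is not part of the original post. The addresses, message text and function names are constructed for illustration; `build_message` shows an alternative using the standard library's `EmailMessage`, which refuses multi-line header values.

```python
from email import message_from_string
from email.message import EmailMessage

# Constructed sample inputs (not from the post).
HONEST = 'visitor@example.com'
INJECTED = 'visitor@example.com\nCc: third-party@example.net'

def naive_message(addr):
    # The pattern from the post: the form value is pasted straight into the header block.
    return ('From: %s' % addr) + '\r\nTo: webmaster@example.org\r\n\r\nfeedback text\r\n'

def header_names(raw):
    # Header names a mail parser sees in the raw message.
    return message_from_string(raw).keys()

def strip_newlines(addr):
    # The fix suggested in the post: drop CR and LF so the value stays on one header line.
    return addr.replace('\r', '').replace('\n', '')

def build_message(addr):
    # Alternative: EmailMessage (default policy) raises ValueError on a multi-line header value.
    msg = EmailMessage()
    msg['From'] = addr
    msg['To'] = 'webmaster@example.org'
    msg.set_content('feedback text')
    return msg

if __name__ == '__main__':
    print(header_names(naive_message(HONEST)))
    print(header_names(naive_message(INJECTED)))
    print(header_names(naive_message(strip_newlines(INJECTED))))
    try:
        build_message(INJECTED)
    except ValueError as exc:
        print('rejected:', exc)
```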