cpython/Lib/email/test
R. David Murray 5b2d9ddf69 #5871: protect against header injection attacks.
This makes Header.encode throw a HeaderParseError if it winds up
formatting a header such that a continuation line has no leading
whitespace and looks like a header.  Since Header accepts values
containing newlines and preserves them (and this is by design), without
this fix any program that took user input (say, a subject in a web form)
and passed it to the email package as a header was vulnerable to header
injection attacks.  (As far as we know this has never been exploited.)

Thanks to Jakub Wilk for reporting this vulnerability.
2011-01-09 02:35:24 +00:00
..
data #1349106: add linesep argument to generator.flatten and header.encode. 2010-10-23 22:19:56 +00:00
__init__.py Copying the email package back, despite its failings. 2007-08-30 01:15:14 +00:00
test_email.py #5871: protect against header injection attacks. 2011-01-09 02:35:24 +00:00
test_email_codecs.py "Port" the fix for issue 1974 from the trunk (2.7). Because Python 3.x does things much better, less changes are necessary. 2009-03-30 23:12:30 +00:00
test_email_torture.py Merged revisions 78018,78035-78040,78042-78043,78046,78048-78052,78054,78059,78075-78080 via svnmerge from 2010-03-14 10:23:39 +00:00