5b2d9ddf69
This makes Header.encode throw a HeaderParseError if it winds up formatting a header such that a continuation line has no leading whitespace and looks like a header. Since Header accepts values containing newlines and preserves them (and this is by design), without this fix any program that took user input (say, a subject in a web form) and passed it to the email package as a header was vulnerable to header injection attacks. (As far as we know this has never been exploited.) Thanks to Jakub Wilk for reporting this vulnerability. |
||
---|---|---|
.. | ||
data | ||
__init__.py | ||
test_email.py | ||
test_email_codecs.py | ||
test_email_torture.py |