Rooba
/
cpython
mirror of https://github.com/python/cpython.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
cpython/Lib/email/test
History
R. David Murray 5b2d9ddf69 #5871: protect against header injection attacks. 
This makes Header.encode throw a HeaderParseError if it winds up
formatting a header such that a continuation line has no leading
whitespace and looks like a header.  Since Header accepts values
containing newlines and preserves them (and this is by design), without
this fix any program that took user input (say, a subject in a web form)
and passed it to the email package as a header was vulnerable to header
injection attacks.  (As far as we know this has never been exploited.)

Thanks to Jakub Wilk for reporting this vulnerability.
 		2011-01-09 02:35:24 +00:00
..
data #1349106: add linesep argument to generator.flatten and header.encode. 2010-10-23 22:19:56 +00:00
__init__.py
test_email.py #5871: protect against header injection attacks. 2011-01-09 02:35:24 +00:00
test_email_codecs.py
test_email_torture.py