mirror of
https://github.com/python/cpython.git
synced 2025-08-05 01:18:26 +00:00
5aaf416858
Email generators using email.policy.default could incorrectly omit the
quote ('"') characters from a quoted-string during header refolding,
leading to invalid address headers and enabling header spoofing. This
change restores the quote characters on a bare-quoted-string as the
header is refolded, and escapes backslash and quote chars in the string.
6 lines
408 B
ReStructuredText
6 lines
408 B
ReStructuredText
Fix bug in the folding of quoted strings when flattening an email message using
|
|
a modern email policy. Previously when a quoted string was folded so that
|
|
it spanned more than one line, the surrounding quotes and internal escapes
|
|
would be omitted. This could theoretically be used to spoof header lines
|
|
using a carefully constructed quoted string if the resulting rendered email
|
|
was transmitted or re-parsed.
|