Dancer::Plugin::Email uses Email::Sender. It has several transport layers (configurable in Dancer::Plugin::Email). Even the one you could be worried about, which is the "run the sendmail app" one, still seems to be written safely:
https://metacpan.org/source/RJBS/Email-Sender-1.300021/lib/Email/Sender/Transport/Sendmail.pm#L71 So, doesn't seem like you need to worry about escaping such things as command line applications and parameters. On Sun, Feb 7, 2016 at 10:17 PM, Mike Cu <[email protected]> wrote: > > When using the Dancer::Plugin::Email module,should you check the user input > for tainted data? like for the classic rm -rf? > > _______________________________________________ > dancer-users mailing list > [email protected] > http://lists.preshweb.co.uk/mailman/listinfo/dancer-users > _______________________________________________ dancer-users mailing list [email protected] http://lists.preshweb.co.uk/mailman/listinfo/dancer-users
