R. David Murray added the comment:

I'm not sure how appropriate it is to "validate" a header using the Header 
object.  Header is for *composing* internationalized headers, and does no 
validation to speak of.  However, if you'd like to write a patch to add this 
check, I would probably commit it, since it is analogous to issue 5871.

However, since the security issue was already dealt with in issue 5871, this 
fix would be a convenience (detecting the issue earlier).  On the flip side, it 
would also be a behavior change, so there might be objections to backporting 
it.  (Do any programs use Header for things other than composing email messages 
and actually rely on embedded newlines?  I hope not, but you never know :)

Further, if you use the new policies available in 3.3 and 3.4 (currently 
provisional, but they are the Way of the Future ;), you don't ever need to use 
Header objects, and embedded newlines are rejected as soon as you try to assign 
a string containing them as a header value in a message object.

----------
components: +email
nosy: +barry
type: security -> behavior
versions: +Python 3.4

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue19470>
_______________________________________
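
The difference the comment above describes, as an added example that is not part of the original message or of the email package's own code: a legacy Header object accepts an embedded newline and the problem only surfaces when the message is serialized, while the newer policy-based API refuses the value at assignment. The function names and the sample value are constructed for illustration.

```python
from email import policy
from email.errors import HeaderParseError
from email.header import Header
from email.message import EmailMessage, Message

# Constructed sample: a subject value that smuggles a second header line.
INJECTED = "Hello\nBcc: someone@example.com"


def legacy_header_path(value):
    """Legacy API: Header object on a compat32 Message."""
    msg = Message()
    # Header() composes the value and performs no newline validation.
    msg["Subject"] = Header(value)
    try:
        # The embedded-header check runs only when the header is encoded
        # for output.
        msg.as_string()
    except HeaderParseError:
        return "rejected at serialization"
    return "accepted"


def policy_path(value):
    """Policy-based API: plain string on an EmailMessage."""
    msg = EmailMessage(policy=policy.default)
    try:
        # The policy parses the value on assignment and refuses
        # strings that span more than one line.
        msg["Subject"] = value
    except ValueError:
        return "rejected at assignment"
    msg.as_string()
    return "accepted"


if __name__ == "__main__":
    for sample in ("Hello", INJECTED):
        print(repr(sample), "->", legacy_header_path(sample), "|", policy_path(sample))
```

With the legacy path the bad value can sit in the message object until it is flattened, so the exception appears far from the code that introduced it; with the policy path it is raised at the assignment itself.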