Skip to content

Conversation

@miss-islington
Copy link
Contributor

@miss-islington miss-islington commented Jan 19, 2025

Email generators using email.policy.default could incorrectly omit the
quote ('"') characters from a quoted-string during header refolding,
leading to invalid address headers and enabling header spoofing. This
change restores the quote characters on a bare-quoted-string as the
header is refolded, and escapes backslash and quote chars in the string.
(cherry picked from commit 5aaf416)

Co-authored-by: Mike Edmunds [email protected]

…ing (pythonGH-122753)

Email generators using email.policy.default could incorrectly omit the
quote ('"') characters from a quoted-string during header refolding,
leading to invalid address headers and enabling header spoofing. This
change restores the quote characters on a bare-quoted-string as the
header is refolded, and escapes backslash and quote chars in the string.
(cherry picked from commit 5aaf416)

Co-authored-by: Mike Edmunds <[email protected]>
@miss-islington miss-islington requested a review from a team as a code owner January 19, 2025 00:51
@bedevere-app bedevere-app bot added topic-email type-security A security issue labels Jan 19, 2025
@bitdancer bitdancer merged commit b8170e5 into python:3.12 Jan 19, 2025
32 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants