diff options
| author | Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> | 2024-08-06 17:06:41 (GMT) |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-08-06 17:06:41 (GMT) |
| commit | 4aaa4259b5a6e664b7316a4d60bdec7ee0f124d0 (patch) | |
| tree | 91f49bd4a759569b8c98343c5d591f0db08c77cf /Python/ceval.c | |
| parent | d5e7d0a4684e496889c90f951ee7d78a9da9f5b9 (diff) | |
| download | cpython-4aaa4259b5a6e664b7316a4d60bdec7ee0f124d0.zip cpython-4aaa4259b5a6e664b7316a4d60bdec7ee0f124d0.tar.gz cpython-4aaa4259b5a6e664b7316a4d60bdec7ee0f124d0.tar.bz2 | |
[3.13] gh-121650: Encode newlines in headers, and verify headers are sound (GH-122233) (#122484)
gh-121650: Encode newlines in headers, and verify headers are sound (GH-122233)
GH-GH- Encode header parts that contain newlines
Per RFC 2047:
> [...] these encoding schemes allow the
> encoding of arbitrary octet values, mail readers that implement this
> decoding should also ensure that display of the decoded data on the
> recipient's terminal will not cause unwanted side-effects
It seems that the "quoted-word" scheme is a valid way to include
a newline character in a header value, just like we already allow
undecodable bytes or control characters.
They do need to be properly quoted when serialized to text, though.
GH-GH- Verify that email headers are well-formed
This should fail for custom fold() implementations that aren't careful
about newlines.
(cherry picked from commit 097633981879b3c9de9a1dd120d3aa585ecc2384)
Co-authored-by: Petr Viktorin <encukou@gmail.com>
Co-authored-by: Bas Bloemsaat <bas@bloemsaat.org>
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Diffstat (limited to 'Python/ceval.c')
0 files changed, 0 insertions, 0 deletions