jpic <j...@yourlabs.org> added the comment:
I haven't found this specific case in an RFC, but checked Go's net/mail library behavior and it just considers it broken: $ cat mail.go package main import "fmt" import "net/mail" func main() { fmt.Println((&mail.AddressParser{}).Parse("a...@example.com")) fmt.Println((&mail.AddressParser{}).Parse("a...@malicious.org@example.com ")) } $ go run mail.go <a...@example.com> <nil> <nil> mail: expected single address, got "@example.com" That would fix the security issue but not the whole ticket. ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue34155> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com