[issue34155] email.utils.parseaddr mistakenly parse an email

jpic Fri, 03 May 2019 16:58:09 -0700


jpic <j...@yourlabs.org> added the comment:


I haven't found this specific case in an RFC, but checked Go's net/mail
library behavior and it just considers it broken:

$ cat mail.go
package main
import "fmt"
import "net/mail"
func main() {
    fmt.Println((&mail.AddressParser{}).Parse("a...@example.com"))
    fmt.Println((&mail.AddressParser{}).Parse("a...@malicious.org@example.com
"))
}

$ go run mail.go
<a...@example.com> <nil>
<nil> mail: expected single address, got "@example.com"

That would fix the security issue but not the whole ticket.

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue34155>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue34155] email.utils.parseaddr mistakenly parse an email

Reply via email to