Message341362
I haven't found this specific case in an RFC, but checked Go's net/mail
library behavior and it just considers it broken:
$ cat mail.go
package main
import "fmt"
import "net/mail"
func main() {
fmt.Println((&mail.AddressParser{}).Parse("a@example.com"))
fmt.Println((&mail.AddressParser{}).Parse("a@malicious.org@example.com
"))
}
$ go run mail.go
<a@example.com> <nil>
<nil> mail: expected single address, got "@example.com"
That would fix the security issue but not the whole ticket. |
|
Date |
User |
Action |
Args |
2019-05-03 23:57:59 | jpic | set | recipients:
+ jpic, barry, vstinner, msapiro, ned.deily, r.david.murray, nicoe, kal.sze, Windson Yang, xtreak, cnicodeme, bortzmeyer, Dain Dwarf |
2019-05-03 23:57:59 | jpic | link | issue34155 messages |
2019-05-03 23:57:58 | jpic | create | |
|