Author jpic
Recipients Dain Dwarf, Windson Yang, barry, bortzmeyer, cnicodeme, jpic, kal.sze, maxking, msapiro, ned.deily, nicoe, r.david.murray, vstinner, xtreak
Date 2019-06-01.07:51:22
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <CAC6Op1_+JOWJNy0XU73kjKNdWo30BXxAPRdGM40dcqUvfMz54Q@mail.gmail.com>
In-reply-to <1559283982.86.0.259349738436.issue34155@roundup.psfhosted.org>
Content
The email API does error recovery without loading invalid domains into
the domain variable which could lead to dangerous situations, example
with "a@foo.":

>>> email.message_from_string('From: a@foo.',policy=email.policy.default)['from'].addresses[0].domain
''

In perspective with the new patch proposed by maxking that lets an
invalid domain make it to the domain variable:

>>> email.message_from_string('From: a@b@c.com',policy=email.policy.default)['from'].addresses[0].domain
'b@c.com'

For me maxking's suggestion opens the question of where to draw the
line between invalid domains should be loaded into the domain variable
and what invalid domains should not be loaded into the domain
variable.

Another smaller advantage of of Go's net/mail behaviour is that
results between parseaddr and email are consistently empty strings for
an invalid domain: parseaddr does not seem able to return a list of
defects.
History
Date User Action Args
2019-06-01 07:51:23jpicsetrecipients: + jpic, barry, vstinner, msapiro, ned.deily, r.david.murray, nicoe, maxking, kal.sze, Windson Yang, xtreak, cnicodeme, bortzmeyer, Dain Dwarf
2019-06-01 07:51:22jpiclinkissue34155 messages
2019-06-01 07:51:22jpiccreate