[issue34155] email.utils.parseaddr mistakenly parse an email
jpic
report at bugs.python.org
Fri May 3 19:57:59 EDT 2019
jpic <jpic at yourlabs.org> added the comment:
I haven't found this specific case in an RFC, but checked Go's net/mail
library behavior and it just considers it broken:

$ cat mail.go
package main

import "fmt"
import "net/mail"

func main() {
    // A single, well-formed address parses cleanly.
    fmt.Println((&mail.AddressParser{}).Parse("a@example.com"))
    // Two "@" signs: net/mail returns an error instead of guessing.
    fmt.Println((&mail.AddressParser{}).Parse("a@malicious.org@example.com"))
}

$ go run mail.go
<a@example.com> <nil>
<nil> mail: expected single address, got "@example.com"

That would fix the security issue but not the whole ticket.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue34155>
_______________________________________
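
The strict behaviour shown in the comment above, applied to a domain check, as an added example that is not part of the original message or of CPython. The function name `addressInDomain` and its `allowed` parameter are hypothetical, and the inputs are constructed samples.

```go
package main

import (
	"errors"
	"fmt"
	"net/mail"
	"strings"
)

// addressInDomain (hypothetical helper) parses input strictly as a single
// RFC 5322 address and returns the addr-spec only when its domain equals
// allowed, compared case-insensitively. Any parse error is a rejection:
// the input is never "repaired" into a shorter address.
func addressInDomain(input, allowed string) (string, error) {
	addr, err := mail.ParseAddress(input)
	if err != nil {
		return "", fmt.Errorf("rejecting %q: %w", input, err)
	}
	// Take the domain from the parsed result, not from the raw input.
	at := strings.LastIndex(addr.Address, "@")
	if at < 0 {
		return "", errors.New("parsed address has no domain")
	}
	domain := addr.Address[at+1:]
	if !strings.EqualFold(domain, allowed) {
		return "", fmt.Errorf("domain %q is not %q", domain, allowed)
	}
	return addr.Address, nil
}

func main() {
	// Constructed sample inputs, including the one from the comment above.
	for _, in := range []string{
		"a@example.com",
		"a@malicious.org@example.com",
		"a@malicious.org",
	} {
		got, err := addressInDomain(in, "example.com")
		fmt.Printf("%q -> %q, err=%v\n", in, got, err)
	}
}
```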