mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-03-06 07:22:32 +00:00
Code Issues 32 Releases Wiki Activity

Refs #31784 -- Added test for preventing header injection in display name of email addresses.

Browse Source
This commit is contained in:
Mariusz Felisiak 2020-07-16 10:03:59 +02:00
parent 3d16496037
commit f405954ea2
1 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
tests/mail/tests.py
View File

@ -188,14 +188,22 @@ class MailTests(HeadersCheckMixin, SimpleTestCase):
EmailMessage(reply_to='reply_to@example.com') EmailMessage(reply_to='reply_to@example.com')
def test_header_injection(self): def test_header_injection(self):
msg = "Header values can't contain newlines "
email = EmailMessage('Subject\nInjection Test', 'Content', 'from@example.com', ['to@example.com']) email = EmailMessage('Subject\nInjection Test', 'Content', 'from@example.com', ['to@example.com'])
with self.assertRaises(BadHeaderError): with self.assertRaisesMessage(BadHeaderError, msg):
email.message() email.message()
email = EmailMessage( email = EmailMessage(
gettext_lazy('Subject\nInjection Test'), 'Content', 'from@example.com', ['to@example.com'] gettext_lazy('Subject\nInjection Test'), 'Content', 'from@example.com', ['to@example.com']
) )
with self.assertRaises(BadHeaderError): with self.assertRaisesMessage(BadHeaderError, msg):
email.message() email.message()
with self.assertRaisesMessage(BadHeaderError, msg):
EmailMessage(
'Subject',
'Content',
'from@example.com',
['Name\nInjection test <to@example.com>'],
).message()
def test_space_continuation(self): def test_space_continuation(self):
""" """