diff options
| author | Adrian Holovaty <adrian@holovaty.com> | 2006-01-12 03:02:19 +0000 |
|---|---|---|
| committer | Adrian Holovaty <adrian@holovaty.com> | 2006-01-12 03:02:19 +0000 |
| commit | b125cafbfc715f808b8af6125a1c1dddc7079963 (patch) | |
| tree | dc30308dc7f8f579a810754f8472a63551ac846c /docs | |
| parent | 51a699dea91eefb1e95939a93599330336b73228 (diff) | |
Added more explanation to docs/email.txt 'Preventing header injection' section.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@1923 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/email.txt | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/docs/email.txt b/docs/email.txt index e43a29da30..ba2adf8201 100644 --- a/docs/email.txt +++ b/docs/email.txt @@ -124,10 +124,14 @@ scripts generate. The Django e-mail functions outlined above all protect against header injection by forbidding newlines in header values. If any ``subject``, ``from_email`` or -``recipient_list`` contains a newline, the e-mail function (e.g. -``send_mail()``) will raise ``django.core.mail.BadHeaderError`` (a subclass of -``ValueError``) and, hence, will not send the e-mail. It's your responsibility -to validate all data before passing it to the e-mail functions. +``recipient_list`` contains a newline (in either Unix, Windows or Mac style), +the e-mail function (e.g. ``send_mail()``) will raise +``django.core.mail.BadHeaderError`` (a subclass of ``ValueError``) and, hence, +will not send the e-mail. It's your responsibility to validate all data before +passing it to the e-mail functions. + +If a ``message`` contains headers at the start of the string, the headers will +simply be printed as the first bit of the e-mail message. Here's an example view that takes a ``subject``, ``message`` and ``from_email`` from the request's POST data, sends that to admin@example.com and redirects to |
