diff options
Diffstat (limited to 'tests/mail/tests.py')
| -rw-r--r-- | tests/mail/tests.py | 50 |
1 files changed, 44 insertions, 6 deletions
diff --git a/tests/mail/tests.py b/tests/mail/tests.py index 1f8c6b12bf..baffe1a5ed 100644 --- a/tests/mail/tests.py +++ b/tests/mail/tests.py @@ -730,14 +730,14 @@ class MailTests(HeadersCheckMixin, SimpleTestCase): ( ('A name', 'to@example.com'), 'utf-8', - '=?utf-8?q?A_name?= <to@example.com>', + 'A name <to@example.com>', ), ('localpartonly', 'ascii', 'localpartonly'), # ASCII addresses with display names. ('A name <to@example.com>', 'ascii', 'A name <to@example.com>'), - ('A name <to@example.com>', 'utf-8', '=?utf-8?q?A_name?= <to@example.com>'), + ('A name <to@example.com>', 'utf-8', 'A name <to@example.com>'), ('"A name" <to@example.com>', 'ascii', 'A name <to@example.com>'), - ('"A name" <to@example.com>', 'utf-8', '=?utf-8?q?A_name?= <to@example.com>'), + ('"A name" <to@example.com>', 'utf-8', 'A name <to@example.com>'), # Unicode addresses (supported per RFC-6532). ('tó@example.com', 'utf-8', '=?utf-8?b?dMOz?=@example.com'), ('to@éxample.com', 'utf-8', 'to@xn--xample-9ua.com'), @@ -756,20 +756,45 @@ class MailTests(HeadersCheckMixin, SimpleTestCase): ( 'To Example <to@éxample.com>', 'utf-8', - '=?utf-8?q?To_Example?= <to@xn--xample-9ua.com>', + 'To Example <to@xn--xample-9ua.com>', ), # Addresses with two @ signs. ('"to@other.com"@example.com', 'utf-8', r'"to@other.com"@example.com'), ( '"to@other.com" <to@example.com>', 'utf-8', - '=?utf-8?q?to=40other=2Ecom?= <to@example.com>', + '"to@other.com" <to@example.com>', ), ( ('To Example', 'to@other.com@example.com'), 'utf-8', - '=?utf-8?q?To_Example?= <"to@other.com"@example.com>', + 'To Example <"to@other.com"@example.com>', + ), + # Addresses with long unicode display names. + ( + 'Tó Example very long' * 4 + ' <to@example.com>', + 'utf-8', + '=?utf-8?q?T=C3=B3_Example_very_longT=C3=B3_Example_very_longT' + '=C3=B3_Example_?=\n' + ' =?utf-8?q?very_longT=C3=B3_Example_very_long?= ' + '<to@example.com>', + ), + ( + ('Tó Example very long' * 4, 'to@example.com'), + 'utf-8', + '=?utf-8?q?T=C3=B3_Example_very_longT=C3=B3_Example_very_longT' + '=C3=B3_Example_?=\n' + ' =?utf-8?q?very_longT=C3=B3_Example_very_long?= ' + '<to@example.com>', ), + # Address with long display name and unicode domain. + ( + ('To Example very long' * 4, 'to@exampl€.com'), + 'utf-8', + 'To Example very longTo Example very longTo Example very longT' + 'o Example very\n' + ' long <to@xn--exampl-nc1c.com>' + ) ): with self.subTest(email_address=email_address, encoding=encoding): self.assertEqual(sanitize_address(email_address, encoding), expected_result) @@ -789,6 +814,19 @@ class MailTests(HeadersCheckMixin, SimpleTestCase): with self.assertRaises(ValueError): sanitize_address(email_address, encoding='utf-8') + def test_sanitize_address_header_injection(self): + msg = 'Invalid address; address parts cannot contain newlines.' + tests = [ + 'Name\nInjection <to@example.com>', + ('Name\nInjection', 'to@xample.com'), + 'Name <to\ninjection@example.com>', + ('Name', 'to\ninjection@example.com'), + ] + for email_address in tests: + with self.subTest(email_address=email_address): + with self.assertRaisesMessage(ValueError, msg): + sanitize_address(email_address, encoding='utf-8') + @requires_tz_support class MailTimeZoneTests(SimpleTestCase): |