Navigation

Changeset 1923

Timestamp:

01/11/06 21:02:19 (3 years ago)

Author:

adrian

Message:

Added more explanation to docs/email.txt 'Preventing header injection' section.

Files:

r1898	r1923
125	125	The Django e-mail functions outlined above all protect against header injection
126	126	by forbidding newlines in header values. If any ``subject``, ``from_email`` or
127		``recipient_list`` contains a newline, the e-mail function (e.g.
128		``send_mail()``) will raise ``django.core.mail.BadHeaderError`` (a subclass of
129		``ValueError``) and, hence, will not send the e-mail. It's your responsibility
130		to validate all data before passing it to the e-mail functions.
	127	``recipient_list`` contains a newline (in either Unix, Windows or Mac style),
	128	the e-mail function (e.g. ``send_mail()``) will raise
	129	``django.core.mail.BadHeaderError`` (a subclass of ``ValueError``) and, hence,
	130	will not send the e-mail. It's your responsibility to validate all data before
	131	passing it to the e-mail functions.
	132
	133	If a ``message`` contains headers at the start of the string, the headers will
	134	simply be printed as the first bit of the e-mail message.
131	135
132	136	Here's an example view that takes a ``subject``, ``message`` and ``from_email``