diff options
author | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2020-07-16 10:03:59 +0200 |
---|---|---|
committer | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2020-07-20 07:10:16 +0200 |
commit | f405954ea24dcce7ed01e488a0778be7e441b757 (patch) | |
tree | a06684d4107b3e5458bd83f595b9b9d693d27e06 /tests/mail | |
parent | 3d16496037fbb8a6bbc6b6e354fa4f5eb65e6cea (diff) | |
download | django-f405954ea24dcce7ed01e488a0778be7e441b757.tar.gz |
Refs #31784 -- Added test for preventing header injection in display name of email addresses.
Diffstat (limited to 'tests/mail')
-rw-r--r-- | tests/mail/tests.py | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/tests/mail/tests.py b/tests/mail/tests.py index 1f8c6b12bf..72c22ad341 100644 --- a/tests/mail/tests.py +++ b/tests/mail/tests.py @@ -188,14 +188,22 @@ class MailTests(HeadersCheckMixin, SimpleTestCase): EmailMessage(reply_to='reply_to@example.com') def test_header_injection(self): + msg = "Header values can't contain newlines " email = EmailMessage('Subject\nInjection Test', 'Content', 'from@example.com', ['to@example.com']) - with self.assertRaises(BadHeaderError): + with self.assertRaisesMessage(BadHeaderError, msg): email.message() email = EmailMessage( gettext_lazy('Subject\nInjection Test'), 'Content', 'from@example.com', ['to@example.com'] ) - with self.assertRaises(BadHeaderError): + with self.assertRaisesMessage(BadHeaderError, msg): email.message() + with self.assertRaisesMessage(BadHeaderError, msg): + EmailMessage( + 'Subject', + 'Content', + 'from@example.com', + ['Name\nInjection test <to@example.com>'], + ).message() def test_space_continuation(self): """ |