MCPcopy
hub / github.com/django/django / forbid_multi_line_headers

Function forbid_multi_line_headers

django/core/mail/message.py:76–103  ·  view source on GitHub ↗

Forbid multi-line headers to prevent header injection.

(name, val, encoding)

Source from the content-addressed store, hash-verified

74
75# RemovedInDjango70Warning.
76def forbid_multi_line_headers(name, val, encoding):
77 """Forbid multi-line headers to prevent header injection."""
78 warnings.warn(
79 "The internal API forbid_multi_line_headers() is deprecated."
80 " Python's modern email API (with email.message.EmailMessage or"
81 " email.policy.default) will reject multi-line headers.",
82 RemovedInDjango70Warning,
83 )
84
85 encoding = encoding or settings.DEFAULT_CHARSET
86 val = str(val) # val may be lazy
87 if "\n" in val or "\r" in val:
88 raise BadHeaderError(
89 "Header values can't contain newlines (got %r for header %r)" % (val, name)
90 )
91 try:
92 val.encode("ascii")
93 except UnicodeEncodeError:
94 if name.lower() in ADDRESS_HEADERS:
95 val = ", ".join(
96 sanitize_address(addr, encoding) for addr in getaddresses((val,))
97 )
98 else:
99 val = Header(val, encoding).encode()
100 else:
101 if name.lower() == "subject":
102 val = Header(val).encode()
103 return name, val
104
105
106# RemovedInDjango70Warning.

Callers 4

__setitem__Method · 0.85
__setitem__Method · 0.85
__setitem__Method · 0.85

Calls 4

BadHeaderErrorClass · 0.85
sanitize_addressFunction · 0.85
encodeMethod · 0.45
joinMethod · 0.45