django-newsletter icon indicating copy to clipboard operation
django-newsletter copied to clipboard

Published 20 hours ago verified publisher icon jazzband

Escaping of recipient name

Open newearthmartin opened this issue 6 years ago • 5 comments

In some cases, the subscription.name will contain special characters that cause the outgoing email to fail such as @ and ,.

Such real world example: when name is 'martin@' and email is [email protected], it creates this address for sending 'martin@ <[email protected]>', which fails.

I added a filter for these characters: @, , and ; in the get_address(name, email) method. There could be more, these are the real life cases that I faced.

I also considered changing it in the 'cleaning' part of subscription.save so that these faulty names don't even go into the database, but I decided to let them in the database and just filter them out when sending. Feel free to put your opinions about this in this PR.

newearthmartin avatar Sep 18 '19 01:09 newearthmartin

Coverage Status

Coverage increased (+0.009%) to 88.644% when pulling af34a4c65b9d19a48b5650f9dd29ae9bf0d3b8d8 on newearthmartin:invalid_chars into 30c3ec3f3bea93b22c6640aed40ee2c8040a4f46 on dokterbob:master.

coveralls avatar Sep 19 '19 19:09 coveralls

Coverage Status

Coverage increased (+0.009%) to 88.644% when pulling af34a4c65b9d19a48b5650f9dd29ae9bf0d3b8d8 on newearthmartin:invalid_chars into 30c3ec3f3bea93b22c6640aed40ee2c8040a4f46 on dokterbob:master.

coveralls avatar Sep 19 '19 19:09 coveralls

Thanks for the contrib!

However, it seems to me that these characters should be escaped rather than removed. It's 2020, we have UTF-8 these days and it happens to be that most of the world doesn't live in ASCII anymore. ;)

dokterbob avatar Jan 07 '20 14:01 dokterbob

Oh! But this isn't about Unicode or ascii. It is about characters like @ or . in the recipient's name, when these characters typically go in the recipient's address. You can try it and see.

newearthmartin avatar Jan 07 '20 15:01 newearthmartin

Of course you didn't do it because you're in love with ASCII. ;)

In python 3 there's a dedicated function to make recipient headers. https://docs.python.org/3/library/email.utils.html

You might need to backport this until Django 1.11 support will be dropped in April.

A 7 de janeiro de 2020 16:04:18 CET, newearthmartin [email protected] escreveu:

I didnt do this because I love ASCII, I did it because it was throwing an exception when sending emails in production (in 2019 😉). But it didn't occur to me to escape. Will make some tests and see if escaping works. >

-- > You are receiving this because you commented.> Reply to this email directly or view it on GitHub:> https://github.com/dokterbob/django-newsletter/pull/281#issuecomment-571624753

-- Enviado a partir do meu dispositivo Android com o K-9 Mail. Peço desculpa pela brevidade.

dokterbob avatar Jan 07 '20 15:01 dokterbob