Ensure EmailAddress can't contain newlines

2025-12-20 11:51:05 -05:00 · 2020-09-10 15:05:10 -07:00
parent bc1156149a
commit 5b04ae30f2
2 changed files with 21 additions and 0 deletions
--- a/anymail/utils.py
+++ b/anymail/utils.py
@@ -212,6 +212,14 @@ class EmailAddress:
                display_name, addr_spec = display_name  # unpack (name,addr) tuple
            except ValueError:
                pass
+
+        # ESPs should clean or reject addresses containing newlines, but some
+        # extra protection can't hurt (and it seems to be a common oversight)
+        if '\n' in display_name or '\r' in display_name:
+            raise ValueError('EmailAddress display_name cannot contain newlines')
+        if '\n' in addr_spec or '\r' in addr_spec:
+            raise ValueError('EmailAddress addr_spec cannot contain newlines')
+
        self.display_name = display_name
        self.addr_spec = addr_spec
        try:
--- a/tests/test_utils.py
+++ b/tests/test_utils.py
@@ -159,6 +159,19 @@ class ParseAddressListTests(SimpleTestCase):
        with self.assertRaisesMessage(AnymailInvalidAddress, "Invalid email address"):
            parse_single_address(" ")

+    def test_no_newlines(self):
+        # (Parsing shouldn't even be able to even generate these cases,
+        # but in case anyone constructs an EmailAddress directly...)
+        for name, addr in [
+            ("Potential\nInjection", "addr@example.com"),
+            ("Potential\rInjection", "addr@example.com"),
+            ("Name", "potential\ninjection@example.com"),
+            ("Name", "potential\rinjection@example.com"),
+        ]:
+            with self.subTest(name=name, addr=addr):
+                with self.assertRaisesMessage(ValueError, "cannot contain newlines"):
+                    _ = EmailAddress(name, addr)
+

 class NormalizedAttachmentTests(SimpleTestCase):
    """Test utils.Attachment"""