Skip to content

extend header encoding to cover control characters#224

Merged
andrewtimberlake merged 1 commit intoDockYard:masterfrom
tisdall:encode-control-chars
Mar 5, 2026
Merged

extend header encoding to cover control characters#224
andrewtimberlake merged 1 commit intoDockYard:masterfrom
tisdall:encode-control-chars

Conversation

@tisdall
Copy link
Copy Markdown
Contributor

@tisdall tisdall commented Mar 3, 2026
edited
Loading 

Mail.build() 
|> Mail.put_from("actualfrom@example.com") 
|> Mail.put_subject("some subject\r\nReply-To: cleverhacker@example.com") 
|> Mail.render() 
|> IO.puts()

outputs the following:

Subject: some subject
Reply-To: cleverhacker@example.com
From: actualfrom@example.com

With this PR applied:

Subject: =?UTF-8?Q?some subject=0D=0AReply-To: cleverhacker@example.com?=
From: actualfrom@example.com

Changes proposed in this pull request

Need to encode more than just non-ASCII as control characters can change how a header is read. People shouldn't be putting in control characters, but it's safer to just encode any that may occur.

This only recently became a problem due to #214 . Before that, the comparison between encoded and non-encoded would have been false and it would have used the encoded version.

@bcardarella
Copy link
Copy Markdown
Member

bcardarella commented Mar 3, 2026

@andrewtimberlake this is 👍 from me.

@andrewtimberlake
Copy link
Copy Markdown
Collaborator

andrewtimberlake commented Mar 5, 2026

Looks good. Thanks

@andrewtimberlake andrewtimberlake merged commit 4ab0440 into DockYard:master Mar 5, 2026
5 checks passed
@tisdall tisdall deleted the encode-control-chars branch March 5, 2026 16:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@tisdall @bcardarella @andrewtimberlake