Refs #31784 -- Added test for preventing header injection in display name of email addresses.

2020-07-16 10:03:59 +02:00 · 2020-07-16 10:03:59 +02:00 · f405954ea2
parent 3d16496037
commit f405954ea2
1 changed files with 10 additions and 2 deletions
--- a/tests/mail/tests.py
+++ b/tests/mail/tests.py
@ -188,14 +188,22 @@ class MailTests(HeadersCheckMixin, SimpleTestCase):
            EmailMessage(reply_to='reply_to@example.com')

    def test_header_injection(self):
+        msg = "Header values can't contain newlines "
        email = EmailMessage('Subject\nInjection Test', 'Content', 'from@example.com', ['to@example.com'])
-        with self.assertRaises(BadHeaderError):
+        with self.assertRaisesMessage(BadHeaderError, msg):
            email.message()
        email = EmailMessage(
            gettext_lazy('Subject\nInjection Test'), 'Content', 'from@example.com', ['to@example.com']
        )
-        with self.assertRaises(BadHeaderError):
+        with self.assertRaisesMessage(BadHeaderError, msg):
            email.message()
+        with self.assertRaisesMessage(BadHeaderError, msg):
+            EmailMessage(
+                'Subject',
+                'Content',
+                'from@example.com',
+                ['Name\nInjection test <to@example.com>'],
+            ).message()

    def test_space_continuation(self):
        """