2π
I found that this issue has been fixed in Django 1.5. The testing email backend (locmem.py) now performs the same header sanitization as the standard backends.
https://code.djangoproject.com/ticket/18861
https://github.com/django/django/commit/8599f64e54adfb32ee6550ed7a6ec9944034d978
EDIT
I found a workaround for testing header validation in Django versions <1.5.
Use the get_connection method to load the console backend which performs the same validations as the production backend.
Thanks to Alexander Afanasiev for pointing me in the right direction.
connection = get_connection('django.core.mail.backends.console.EmailBackend')
send_mail('Subject\nhere',
'Here is the message.',
'from@example.com',
['to@example.com'],
fail_silently=False,
connection=connection)
3π
Youβre not really testing anything. Testing would imply checking if the BadHeaderError has been raised or not. The test would fail if an assert test is false. You could do something like this β
def test_newline_causes_exception(self)
error_occured = False
try:
send_mail('Header\nInjection', 'Here is the message.', 'from@example.com',
['to@example.com'], fail_silently=False)
except BadHeaderError:
error_occured = True
self.assertTrue(error_ocurred)
I havenβt tested it. But it should work.
PS: from django.core.mail import send_mail, BadHeaderError
- [Django]-Best approach to handle concurrency in Django for eauction toy-app
- [Django]-How to add attrs to Widget at rendertime
- [Django]-Mod_wsgi (3.4-14) / Apache 2.4.12 / Red Hat (6.7) / Django 1.8.2 hanging under load
- [Django]-Django : custom management command not registered using app config