How to check (or avoid) the user field name so that it does not violate my email sending software?

Question

How to check (or avoid) the user field name so that it does not violate my email sending software?

When sending a message, I might have something like this to set the To: field (in Perl)

To: "$name" <$email>

In Perl, I can check the $ email part with Email :: Valid, but how can I make sure the $ name part accepts Unicode characters, but cannot be tricked by sending to multiple addresses or some other nasty thing? for example This

 $email = ' bar@me.com '; $name = 'Foo" < foo@other.com >, "Bar';

seems to create a To field like this:

 To: "Foo" < foo@other.com >, "Bar" < bar@me.com >

sending email to two addresses.

+6

security email perl web

szabgab Jun 25 '12 at 8:04

source share

2 answers

daxim · Answer 1 · 2012-06-25T08:20:13+0000

 use Email::Address qw(); use Encode qw(encode); s{\R}{}g for $email, $name; # newlines be-gone my $to = Email::Address->new($name => $email)->format; print encode 'MIME-Header', $to;

d135-1r43 · Answer 2 · 2012-06-25T08:31:17+0000

There cannot be a simple solution. I would recommend a conservative solution manually.

 /\p{L}/

matches any unicode letter in any language. Feel free to add dots or dashes, depending on the cultural background of your software.

How to check (or avoid) the user field name so that it does not violate my email sending software?

More articles: