On 12/27/05, James Bennett <[EMAIL PROTECTED]> wrote:
> When writing a view which will send email in response to input (say, a
> contact form), does a developer need to perform the sort of input
> validation common in, say, PHP, in order to prevent injection of
> additional headers?

Good call! I've updated docs/email.txt to point out input needs to be
validated. Also, in revision 1795, I tightened up the Django mail
functions so that they don't accept newlines in any header. Docs are
updated for that as well.

Adrian

--
Adrian Holovaty
holovaty.com | djangoproject.com | chicagocrime.org
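
The header injection discussed in this thread, shown as an added example that is not part of the original message and is not Django's code: a contact-form mailer that pastes form input into the header block, beside one that rejects CR and LF in every header value. All function names, the `HeaderInjectionError` class, and the form values are assumptions constructed for illustration.

```python
class HeaderInjectionError(ValueError):
    """CR or LF found in a header value (name is local to this example)."""


def build_naive(from_addr, to_addr, subject, body):
    # Vulnerable: form input is pasted straight into the header block.
    return f"From: {from_addr}\r\nTo: {to_addr}\r\nSubject: {subject}\r\n\r\n{body}"


def check_header(name, value):
    # A newline ends the current header, so anything after it becomes a new one.
    if "\r" in value or "\n" in value:
        raise HeaderInjectionError(f"newline in {name} header")
    return value


def build_checked(from_addr, to_addr, subject, body):
    headers = [("From", from_addr), ("To", to_addr), ("Subject", subject)]
    lines = [f"{n}: {check_header(n, v)}" for n, v in headers]
    return "\r\n".join(lines) + "\r\n\r\n" + body


def header_names(raw):
    # Header block ends at the first blank line; list the field names in it.
    head = raw.split("\r\n\r\n", 1)[0]
    return [ln.split(":", 1)[0] for ln in head.split("\r\n") if ":" in ln]


# Constructed contact-form input: the subject field carries an extra header.
FORM = {
    "from_addr": "visitor@example.com",
    "to_addr": "site-owner@example.com",
    "subject": "Hello\r\nBcc: third-party@example.net",
    "body": "Message text.",
}

if __name__ == "__main__":
    print(header_names(build_naive(**FORM)))
    try:
        build_checked(**FORM)
    except HeaderInjectionError as exc:
        print("rejected:", exc)
```

The check applies to every header value, not only the subject, since any field filled from form input can carry the newline.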