gh-143935: Email preserve parens when folding comments #143936
Merged
+43
−1
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- No forced space to indent, - use almost the same code as the `bare-quoted-string` block above, handle nested comments and escaped parenthesis in addition
e.g. with a 40 characters length policy, the below `((loremipsum)(loremipsum)(loremipsum)(loremipsum))<spy@example.org>` should not be folded to `((loremipsum)(loremipsum)(loremipsum)\n(loremipsum))<spy@example.org>` but should rather stay `((loremipsum)(loremipsum)(loremipsum)(loremipsum))<spy@example.org>` to prevent to add a new line not starting with a space / with no indentation
To test a whitespace between two nested comments leads to a new line with one space indentation on folding
sethmlarson
force-pushed
the
email-preserve-parens-when-folding-comments
branch
from
3a9b2c7 to
8ad0fdb
Compare
sethmlarson
added
type-security
bitdancer
approved these changes
Jan 17, 2026
Yhg1s
added
needs backport to 3.10
|
Thanks @sethmlarson for the PR, and @Yhg1s for merging it 🌮🎉.. I'm working now to backport this PR to: 3.10, 3.11, 3.12, 3.13, 3.14. |
miss-islington
pushed a commit
to miss-islington/cpython
that referenced
this pull request
Jan 19, 2026
…H-143936) Fix a bug in the folding of comments when flattening an email message using a modern email policy. Comments consisting of a very long sequence of non-foldable characters could trigger a forced line wrap that omitted the required leading space on the continuation line, causing the remainder of the comment to be interpreted as a new header field. This enabled header injection with carefully crafted inputs. (cherry picked from commit 17d1490aa97bd6b98a42b1a9b324ead84e7fd8a2) Co-authored-by: Seth Michael Larson <seth@python.org> Co-authored-by: Denis Ledoux <dle@odoo.com>
miss-islington
pushed a commit
to miss-islington/cpython
that referenced
this pull request
Jan 19, 2026
…H-143936) Fix a bug in the folding of comments when flattening an email message using a modern email policy. Comments consisting of a very long sequence of non-foldable characters could trigger a forced line wrap that omitted the required leading space on the continuation line, causing the remainder of the comment to be interpreted as a new header field. This enabled header injection with carefully crafted inputs. (cherry picked from commit 17d1490) Co-authored-by: Seth Michael Larson <seth@python.org> Co-authored-by: Denis Ledoux <dle@odoo.com>
|
GH-144034 is a backport of this pull request to the 3.14 branch. |
|
GH-144035 is a backport of this pull request to the 3.13 branch. |
|
Sorry, @sethmlarson and @Yhg1s, I could not cleanly backport this to |
|
GH-144036 is a backport of this pull request to the 3.12 branch. |
|
GH-144037 is a backport of this pull request to the 3.11 branch. |
miss-islington
pushed a commit
to miss-islington/cpython
that referenced
this pull request
Jan 19, 2026
…H-143936) Fix a bug in the folding of comments when flattening an email message using a modern email policy. Comments consisting of a very long sequence of non-foldable characters could trigger a forced line wrap that omitted the required leading space on the continuation line, causing the remainder of the comment to be interpreted as a new header field. This enabled header injection with carefully crafted inputs. (cherry picked from commit 17d1490) Co-authored-by: Seth Michael Larson <seth@python.org> Co-authored-by: Denis Ledoux <dle@odoo.com>
sethmlarson
added
needs backport to 3.11
|
Thanks @sethmlarson for the PR, and @Yhg1s for merging it 🌮🎉.. I'm working now to backport this PR to: 3.12. |
|
Thanks @sethmlarson for the PR, and @Yhg1s for merging it 🌮🎉.. I'm working now to backport this PR to: 3.14. |
|
Thanks @sethmlarson for the PR, and @Yhg1s for merging it 🌮🎉.. I'm working now to backport this PR to: 3.13. |
|
Thanks @sethmlarson for the PR, and @Yhg1s for merging it 🌮🎉.. I'm working now to backport this PR to: 3.11. |
miss-islington
pushed a commit
to miss-islington/cpython
that referenced
this pull request
Jan 19, 2026
…H-143936) Fix a bug in the folding of comments when flattening an email message using a modern email policy. Comments consisting of a very long sequence of non-foldable characters could trigger a forced line wrap that omitted the required leading space on the continuation line, causing the remainder of the comment to be interpreted as a new header field. This enabled header injection with carefully crafted inputs. (cherry picked from commit 17d1490) Co-authored-by: Seth Michael Larson <seth@python.org> Co-authored-by: Denis Ledoux <dle@odoo.com>
sethmlarson
removed
needs backport to 3.11
|
Sorry @sethmlarson and @Yhg1s, I had trouble completing the backport. |
miss-islington
pushed a commit
to miss-islington/cpython
that referenced
this pull request
Jan 19, 2026
…H-143936) Fix a bug in the folding of comments when flattening an email message using a modern email policy. Comments consisting of a very long sequence of non-foldable characters could trigger a forced line wrap that omitted the required leading space on the continuation line, causing the remainder of the comment to be interpreted as a new header field. This enabled header injection with carefully crafted inputs. (cherry picked from commit 17d1490) Co-authored-by: Seth Michael Larson <seth@python.org> Co-authored-by: Denis Ledoux <dle@odoo.com>
|
Sorry @sethmlarson and @Yhg1s, I had trouble completing the backport. |
miss-islington
pushed a commit
to miss-islington/cpython
that referenced
this pull request
Jan 19, 2026
…H-143936) Fix a bug in the folding of comments when flattening an email message using a modern email policy. Comments consisting of a very long sequence of non-foldable characters could trigger a forced line wrap that omitted the required leading space on the continuation line, causing the remainder of the comment to be interpreted as a new header field. This enabled header injection with carefully crafted inputs. (cherry picked from commit 17d1490) Co-authored-by: Seth Michael Larson <seth@python.org> Co-authored-by: Denis Ledoux <dle@odoo.com>
|
Sorry @sethmlarson and @Yhg1s, I had trouble completing the backport. |
miss-islington
pushed a commit
to miss-islington/cpython
that referenced
this pull request
Jan 19, 2026
…H-143936) Fix a bug in the folding of comments when flattening an email message using a modern email policy. Comments consisting of a very long sequence of non-foldable characters could trigger a forced line wrap that omitted the required leading space on the continuation line, causing the remainder of the comment to be interpreted as a new header field. This enabled header injection with carefully crafted inputs. (cherry picked from commit 17d1490) Co-authored-by: Seth Michael Larson <seth@python.org> Co-authored-by: Denis Ledoux <dle@odoo.com>
|
Sorry @sethmlarson and @Yhg1s, I had trouble completing the backport. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
cc @beledouxdenis