gh-143935: Email preserve parens when folding comments#143936
Merged
+43 −1
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters
- No forced space to indent, - use almost the same code as the `bare-quoted-string` block above, handle nested comments and escaped parenthesis in addition
e.g. with a 40 characters length policy, the below `((loremipsum)(loremipsum)(loremipsum)(loremipsum))<[email protected]>` should not be folded to `((loremipsum)(loremipsum)(loremipsum)\n(loremipsum))<[email protected]>` but should rather stay `((loremipsum)(loremipsum)(loremipsum)(loremipsum))<[email protected]>` to prevent to add a new line not starting with a space / with no indentation
To test a whitespace between two nested comments leads to a new line with one space indentation on folding
sethmlarsonforce-pushed the email-preserve-parens-when-folding-comments branch from 3a9b2c7 to 8ad0fdbComparesethmlarson added type-security 
bitdancer approved these changes Jan 17, 2026
Yhg1s added needs backport to 3.10 
Yhg1s merged commit 17d1490 into python:main 50 checks passed
Uh oh!
There was an error while loading. Please reload this page.
Thanks @sethmlarson for the PR, and @Yhg1s for merging it 🌮🎉.. I'm working now to backport this PR to: 3.10, 3.11, 3.12, 3.13, 3.14. |
miss-islington pushed a commit to miss-islington/cpython that referenced this pull request Jan 19, 2026
…H-143936) Fix a bug in the folding of comments when flattening an email message using a modern email policy. Comments consisting of a very long sequence of non-foldable characters could trigger a forced line wrap that omitted the required leading space on the continuation line, causing the remainder of the comment to be interpreted as a new header field. This enabled header injection with carefully crafted inputs. (cherry picked from commit 17d1490aa97bd6b98a42b1a9b324ead84e7fd8a2) Co-authored-by: Seth Michael Larson <[email protected]> Co-authored-by: Denis Ledoux <[email protected]>
miss-islington pushed a commit to miss-islington/cpython that referenced this pull request Jan 19, 2026
…H-143936) Fix a bug in the folding of comments when flattening an email message using a modern email policy. Comments consisting of a very long sequence of non-foldable characters could trigger a forced line wrap that omitted the required leading space on the continuation line, causing the remainder of the comment to be interpreted as a new header field. This enabled header injection with carefully crafted inputs. (cherry picked from commit 17d1490) Co-authored-by: Seth Michael Larson <[email protected]> Co-authored-by: Denis Ledoux <[email protected]>
GH-144034 is a backport of this pull request to the 3.14 branch. |
GH-144035 is a backport of this pull request to the 3.13 branch. |
Sorry, @sethmlarson and @Yhg1s, I could not cleanly backport this to |
GH-144036 is a backport of this pull request to the 3.12 branch. |
GH-144037 is a backport of this pull request to the 3.11 branch. |
miss-islington pushed a commit to miss-islington/cpython that referenced this pull request Jan 19, 2026
…H-143936) Fix a bug in the folding of comments when flattening an email message using a modern email policy. Comments consisting of a very long sequence of non-foldable characters could trigger a forced line wrap that omitted the required leading space on the continuation line, causing the remainder of the comment to be interpreted as a new header field. This enabled header injection with carefully crafted inputs. (cherry picked from commit 17d1490) Co-authored-by: Seth Michael Larson <[email protected]> Co-authored-by: Denis Ledoux <[email protected]>
sethmlarson added needs backport to 3.11 Thanks @sethmlarson for the PR, and @Yhg1s for merging it 🌮🎉.. I'm working now to backport this PR to: 3.12. |
Thanks @sethmlarson for the PR, and @Yhg1s for merging it 🌮🎉.. I'm working now to backport this PR to: 3.14. |
Thanks @sethmlarson for the PR, and @Yhg1s for merging it 🌮🎉.. I'm working now to backport this PR to: 3.13. |
Thanks @sethmlarson for the PR, and @Yhg1s for merging it 🌮🎉.. I'm working now to backport this PR to: 3.11. |
miss-islington pushed a commit to miss-islington/cpython that referenced this pull request Jan 19, 2026
…H-143936) Fix a bug in the folding of comments when flattening an email message using a modern email policy. Comments consisting of a very long sequence of non-foldable characters could trigger a forced line wrap that omitted the required leading space on the continuation line, causing the remainder of the comment to be interpreted as a new header field. This enabled header injection with carefully crafted inputs. (cherry picked from commit 17d1490) Co-authored-by: Seth Michael Larson <[email protected]> Co-authored-by: Denis Ledoux <[email protected]>
sethmlarson removed needs backport to 3.11 Sorry @sethmlarson and @Yhg1s, I had trouble completing the backport. |
miss-islington pushed a commit to miss-islington/cpython that referenced this pull request Jan 19, 2026
…H-143936) Fix a bug in the folding of comments when flattening an email message using a modern email policy. Comments consisting of a very long sequence of non-foldable characters could trigger a forced line wrap that omitted the required leading space on the continuation line, causing the remainder of the comment to be interpreted as a new header field. This enabled header injection with carefully crafted inputs. (cherry picked from commit 17d1490) Co-authored-by: Seth Michael Larson <[email protected]> Co-authored-by: Denis Ledoux <[email protected]>
Sorry @sethmlarson and @Yhg1s, I had trouble completing the backport. |
miss-islington pushed a commit to miss-islington/cpython that referenced this pull request Jan 19, 2026
…H-143936) Fix a bug in the folding of comments when flattening an email message using a modern email policy. Comments consisting of a very long sequence of non-foldable characters could trigger a forced line wrap that omitted the required leading space on the continuation line, causing the remainder of the comment to be interpreted as a new header field. This enabled header injection with carefully crafted inputs. (cherry picked from commit 17d1490) Co-authored-by: Seth Michael Larson <[email protected]> Co-authored-by: Denis Ledoux <[email protected]>
Sorry @sethmlarson and @Yhg1s, I had trouble completing the backport. |
miss-islington pushed a commit to miss-islington/cpython that referenced this pull request Jan 19, 2026
…H-143936) Fix a bug in the folding of comments when flattening an email message using a modern email policy. Comments consisting of a very long sequence of non-foldable characters could trigger a forced line wrap that omitted the required leading space on the continuation line, causing the remainder of the comment to be interpreted as a new header field. This enabled header injection with carefully crafted inputs. (cherry picked from commit 17d1490) Co-authored-by: Seth Michael Larson <[email protected]> Co-authored-by: Denis Ledoux <[email protected]>
Sorry @sethmlarson and @Yhg1s, I had trouble completing the backport. |
Sign up for freeto join this conversation on GitHub. Already have an account? Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
cc @beledouxdenis