[3.10] gh-121284: Fix email address header folding with parsed encoded-word (GH-122754) by encukou · Pull Request #131411 · python/cpython (original) (raw)

Email generators using email.policy.default may convert an RFC 2047 encoded-word to unencoded form during header refolding. In a structured header, this could allow 'specials' chars outside a quoted-string, leading to invalid address headers and enabling spoofing. This change ensures a parsed encoded-word that contains specials is kept as an encoded-word while the header is refolded.

[Better fix from @bitdancer.]

(cherry picked from commit 295b53d)

• Issue: email: invalid RFC 2047 address header after refolding with email.policy.default #121284