[dancer-users] Dancer::Plugin::Email taint

Sawyer X xsawyerx at gmail.com
Thu Feb 11 21:46:59 GMT 2016


Dancer::Plugin::Email uses Email::Sender. It has several transport
layers (configurable in Dancer::Plugin::Email). Even the one you could
be worried about, which is the "run the sendmail app" one, still seems
to be written safely:

https://metacpan.org/source/RJBS/Email-Sender-1.300021/lib/Email/Sender/Transport/Sendmail.pm#L71

So, doesn't seem like you need to worry about escaping such things as
command line applications and parameters.


On Sun, Feb 7, 2016 at 10:17 PM, Mike Cu <mike_cu80 at yahoo.com> wrote:
>
> When using the Dancer::Plugin::Email module,should you check the user input for tainted data? like for the classic rm -rf?
>
> _______________________________________________
> dancer-users mailing list
> dancer-users at dancer.pm
> http://lists.preshweb.co.uk/mailman/listinfo/dancer-users
>


More information about the dancer-users mailing list