Dancer::Plugin::Email uses Email::Sender. It has several transport layers (configurable in Dancer::Plugin::Email). Even the one you could be worried about, which is the "run the sendmail app" one, still seems to be written safely: https://metacpan.org/source/RJBS/Email-Sender-1.300021/lib/Email/Sender/Tran... So, doesn't seem like you need to worry about escaping such things as command line applications and parameters. On Sun, Feb 7, 2016 at 10:17 PM, Mike Cu <mike_cu80@yahoo.com> wrote:
When using the Dancer::Plugin::Email module,should you check the user input for tainted data? like for the classic rm -rf?
_______________________________________________ dancer-users mailing list dancer-users@dancer.pm http://lists.preshweb.co.uk/mailman/listinfo/dancer-users