encode_entities for sendmail


Perl Monk, Perl Meditation
	PerlMonks

encode_entities for sendmail

by tomazos (Deacon)

on Aug 18, 2005 at 12:43 UTC ( [id://484732]=perlquestion: print w/replies, xml )

Need Help??

tomazos has asked for the wisdom of the Perl Monks concerning the following question:

I am automating an email with text from an untrusted scalar $body.

    use HTML::Entities;

    open MAIL, q(|/usr/lib/sendmail -t -f 'bar@bar.com')
            or die 'cant open sendmail';

    print MAIL "From: foo <bar\@bar.com>\n";
    print MAIL "To: boo <far\@far.com>\n";
    print MAIL "\n";
    print MAIL encode_entities($body),"\n";
    print MAIL ".\n";
    close MAIL;
[download]

The encode_entities is clearly overkill.

Is there an equivilant for whatever encoding is correct for email? Or would no encoding be safe even though $body is untrusted?

-Andrew.

Andrew Tomazos | andrew@tomazos.com | www.tomazos.com

Comment on encode_entities for sendmail Download Code

Replies are listed 'Best First'.

Re: encode_entities for sendmail
by jasonk (Parson) on Aug 18, 2005 at 13:05 UTC

It really depends more on what the receivers of the email are doing with it. Not encoding with anything would be plenty safe for most mail clients that don't render HTML, running it through encode_entities would probably protect most of those that do render HTML, and even running it through s/\W// may not make it safe enough for Outlook...