haraka / email-message Goto Github PK

system info

Expected behavior

Headers that have non-ASCII content must also encode whitespace to comply with RFC 2047. From Section 2 of the RFC (https://tools.ietf.org/html/rfc2047):

IMPORTANT: 'encoded-word's are designed to be recognized as 'atom's
by an RFC 822 parser. As a consequence, unencoded white space
characters (such as SPACE and HTAB) are FORBIDDEN within an
'encoded-word'. For example, the character sequence

 =?iso-8859-1?q?this is some text?=

would be parsed as four 'atom's, rather than as a single 'atom' (by
an RFC 822 parser) or 'encoded-word' (by a parser which understands
'encoded-words'). The correct way to encode the string "this is some
text" is to encode the SPACE characters as well, e.g.

 =?iso-8859-1?q?this=20is=20some=20text?=

Observed behavior

Whitespace characters are not encoded.

Steps to reproduce

The test in tests/mailheader.js, on line 73, demonstrates the bug itself:

        this.h.add('Bar', 'bøø 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890');
        test.equal(this.h.lines()[0], 'Bar: =?UTF-8?q?b=C3=B8=C3=B8 1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890?=\n');

For correct RFC syntax checking, the test.equal should be:

  test.equal(this.h.lines()[0], 'Bar: =?UTF-8?q?b=C3=B8=C3=B8=201234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890?=\n');

(Note the encoded space before the long string of numbers.)

• minimize package size when publishing. Use [files] in package.json instead of .npmignore.
• automated code linting. #3308
  • verify 'lint' script in package.json
  • verify 'lint' CI test config
• automated code formatting (see also #3308)
• automated CI testing.
  • mostly done, verify that local copy of ci.yml is up-to-date.
• CONTRIBUTORS: see 3309
• consistent naming of "special" files like CHANGELOG.md.
• CHANGELOG: verify links at bottom (due to inconsistent tag naming)
  • latest .release does this, fixes most, and warns of errors it can't fix
• verify GitHub repo About link points to npm package
• convert test suites to mocha "style"
  • works great today and with node --test in v18+