I wonder if the MailMessage class is protected from e-mail injection. For example, should I check values before passing them to its constructor:

MailMessage message = new MailMessage(fromTextBox.Text, toTextBox.Text);
A: 

There seems to be only a simple check in the MailAddress class which checks if the address contains an @.

Stefan Schultze
Wrong; see MailBnfHelper
SLaks
+1  A: 

I took a quick look at the source code and it seems there are no checks at all (except that the params are not null). But if you simply create a MailMessage, there should be no problem at all, because it's plain text... Only when using Alternate Views should you be aware of injections.

Calamitous
+2  A: 

The MailAddress class checks its addresses against the full BNF grammar from RFC822. (See MailBnfHelper).

There is no risk of injection when using MailMessages. (Except HTML injection in your own content)

SLaks
Thank you for the information!
Alexander Prokofyev
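
A defensive wrapper around the constructor call from the question, added here as an example; it is not code from any of the answers. The names SafeMail, ParseAddress and Build are hypothetical and the sample inputs are constructed. The explicit control-character check means the code does not depend on what the address parser accepts, and the body encoding covers the HTML injection caveat from the last answer.

```csharp
using System;
using System.Linq;
using System.Net;
using System.Net.Mail;

static class SafeMail
{
    // Hypothetical helper: reject control characters (CR, LF, NUL, ...) up front,
    // then let MailAddress parse the value; it throws FormatException on bad syntax.
    static MailAddress ParseAddress(string input, string field)
    {
        if (string.IsNullOrWhiteSpace(input) || input.Any(char.IsControl))
            throw new FormatException(field + ": empty or contains control characters");
        return new MailAddress(input.Trim());
    }

    // Hypothetical helper: build a message from untrusted form values.
    public static MailMessage Build(string from, string to, string userText)
    {
        var message = new MailMessage(ParseAddress(from, "from"), ParseAddress(to, "to"));
        message.Subject = "Contact form";
        // User text is encoded before it is placed inside our own HTML markup.
        message.IsBodyHtml = true;
        message.Body = "<p>" + WebUtility.HtmlEncode(userText) + "</p>";
        return message;
    }

    static void Main()
    {
        // Constructed sample inputs: a valid address, one carrying an extra
        // header line, and one that is not an address at all.
        string[] recipients =
        {
            "alice@example.com",
            "alice@example.com\r\nBcc: other@example.net",
            "not-an-address"
        };
        foreach (var to in recipients)
        {
            try
            {
                using (var m = Build("webform@example.com", to, "<b>hi</b> & bye"))
                    Console.WriteLine("accepted: {0} body={1}", m.To[0].Address, m.Body);
            }
            catch (FormatException ex)
            {
                Console.WriteLine("rejected: {0}", ex.Message);
            }
        }
    }
}
```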