Hello, When sending e-mail from rails, I am wondering if there is a need to filter post data from forms to prevent email injection attacks; or, if ActionMailer is designed to protect against them. I have done a few simple tests by trying to add newlines, and cc's, using code similar to injection through php, and ActionMailer has converted them to simple strings. I haven't seen any mention or cautions of injection attacks in either Agile Web Development, or Beginning Rails by Apress; nor, do I find anything significant from googling. Any search done regarding email injection attacks when using php brings too many results to count.
Is it something taken care of by ActionMailer, or do folks usually roll their own filter methods?
If it is needed can anyone point me to a blog or tutorial with some information?
Thanks. Scott.
