When sending e-mail from rails, I am wondering if there is a need to
filter post data from forms to prevent email injection attacks; or, if
ActionMailer is designed to protect against them. I have done a few
simple tests by trying to add newlines, and cc's, using code similar
to injection through php, and ActionMailer has converted them to
simple strings. I haven't seen any mention or cautions of injection
attacks in either Agile Web Development, or Beginning Rails by Apress;
nor, do I find anything significant from googling. Any search done
regarding email injection attacks when using php brings too many
results to count.
Is it something taken care of by ActionMailer, or do folks usually
roll their own filter methods?
If it is needed can anyone point me to a blog or tutorial with some