Comments (7)
currently, emailjs successfully sends large attachments (the tests include a tar.gz file and a pdf file) so i haven't run into this issue before and i am curious and more than happy to look into it and improve it.
could you outline a test i can replicate which causes this failure? i believe the line you are referring to is this: https://github.com/eleith/emailjs/blob/master/smtp/message.js#L291
according to that line, isn't this recursing for every 76_6_16 bytes and not just 76?
lastly, could you further explain the security risk you referred to? i think that would help me better understand the issue you are reporting.
your suggestion to others that they try out nodemailer is valid and i will continue updating and improving emailjs, which works reasonably well for many use cases.
i like choice and i don't see bugs/mistakes in one project as a reason to deprecate in favor of another.
but despite our disagreement, i would appreciate your help in getting to the bottom of this one!
from emailjs.
I realized after I reported this that it works ONLY when you specify an attachment by its filename on the disk. If you pass it any large string values, either in the msg.text field or as an attachment, it'll crash.
Here's the code I used:
fs = require "fs"
util = require "util"
emailjs = require "emailjs"
wap = fs.readFileSync("/home/jart/Desktop/war-and-peace.txt").toString()
# wap = wap.toString()[..12000]
server = emailjs.server.connect
host: "mail.blah.com"
user: "foo"
password: "bar"
ssl: true
msg =
to: "[email protected]"
from: "[email protected]"
subject: "War and Peace"
text: wap
server.send msg, (err, message) ->
console.log "email() failed: #{util.inspect err}" if err
email() failed: { message: 'internal buffer got too large to handle!' }
And it seems the process DOES indeed crash with a stack overflow if you do this:
msg =
to: "[email protected]"
from: "[email protected]"
subject: "War and Peace"
text: "small text"
attachment: [{
alternative: true
data: "<html><body><pre>#{wap}</pre></body></html>"
}]
buffer.js:0
(function (exports, require, module, __filename, __dirname) { // Copyright Joy
^
RangeError: Maximum call stack size exceeded
This means some of your users are in big trouble. Let's say you've got a node.js webserver with a Contact Us page. I could put a really large message in that form and crash your webserver.
And the code I was talking about was here: https://github.com/eleith/emailjs/blob/master/smtp/message.js#L384
I don't think offering 'choices' is a valid argument for not wanting to hop on board with the nodemailer project. People don't want choices when it comes to a node.js mailer, they don't want to evaluate the merits of each project and make an informed decision, they want something that works and is easy to use so they can get back to writing their app.
They also want their app to work reliably and not have to go digging through logs to find out why messages fail to send intermittently. You have a responsibility to the developers using this project, and the people who use their projects, to make sure that what you're putting out is quality engineering. Sometimes the best way to shoulder that responsibility is by gracefully stepping down when someone else has invested the extra time and effort into building a better product. We should be cooperating whenever possible because needless competition hurts communities. It's sad that you're doing this because nodemailer could be a lot more awesome if you worked for them.
If you choose to keep this project alive, then I urge you to carve out a niche that clearly differentiates it from nodemailer.
from emailjs.
thanks for use case and sharing your opinions. i'll be sure to add this as a test case as well, to ensure this works properly from now on.
from emailjs.
Regardless of whether or not you take my advice, I commend you for being so on top of this issue and writing tests to make sure this problem doesn't happen again. It's incredibly rare that I see open source developers respond and start working on a fix in a matter of hours.
from emailjs.
thanks again. i have tests for both large message and data strings.
and now...time for a lobster:
,.---.
,,,, / _ `.
\\\\ / \ )
|||| /\/``-.__\/
::::/\/_
{{`-.__.-'(`(^^(^^^(^ 9 `.========='
{{{{{{ { ( ( ( ( (-----:=
{{.-'~~'-.(,(,,(,,,(__6_.'=========.
::::\/\
|||| \/\ ,-'/\
jgs //// \ `` _/ )
'''' \ ` /
`---''
from emailjs.
D'awww <3
from emailjs.
As the author of Nodemailer, I wouldn't suggest Eleith to deprecate Emailjs. I think it's a good project (I have borrowed some ideas from it now and then ⛄) and I believe that users should have a choice - Nodejitsu guys already deprecated their version of a SMTP client. Node.js is not Python where they usually have one standard module for one task and if it doesn't cut it, you're out of luck and have to implement your own.
from emailjs.
Related Issues (20)
- README mentions `client.sendAsync` but client has no `sendAsync` function HOT 1
- Error Typing... HOT 6
- Can attachments be delivered using http addresses? HOT 1
- test suite fails under node 18 HOT 2
- SMTPClient stuck (race condition?) HOT 15
- Deno Support HOT 6
- Error [ERR_REQUIRE_ESM] - Remix HOT 6
- SMTPClient stuck on same error message HOT 2
- 27 errors when building with @tsconfig/node18-strictest HOT 2
- Can we deliver bulk email using single connection? HOT 7
- Emails is not sent if used Iphone HOT 1
- error - ./node_modules/emailjs/email.js:1:0 Module not found: Can't resolve 'fs' HOT 1
- Please tell me how to embed images in email.js what is cid:unique identifier ?? HOT 3
- how to embed image in HTML to shoot an Gmail via email.js
- TextEncoder is not a constructor error in nextjs server side api
- office 365
- Minor vulnerability: Password leaks in error when authorization/authentication fails HOT 3
- Typescript error HOT 9
- Compatibility with Node 20: NodeJS.Timer vs NodeJS.Timeout HOT 1
- Proxy support
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from emailjs.