Escape quotes and backslashes in MailAddress display name when encoding SMTP headers

[Copilot]

MailAddress.Encode — the path SmtpClient uses to write From/To/Cc/etc. headers — wraps the display name in "…" but does not escape RFC 5322 quoted-string specials (" and \), producing an invalid quoted-string and corrupting the header when a DisplayName like Henry "The Fonz" Winkler or C:\path\to\file is used. MailAddress.ToString() previously escaped " but not \; only the SMTP send path was missed when quote support was added in #36752.

Changes

• MailAddress.Encode (ASCII / allowUnicode=true branch): escape embedded \ as \\ and " as \", producing a valid RFC 5322 quoted-string. The Q-encoded (non-ASCII) branch is unaffected since encoded-words don't use quoted-string syntax.
• MailAddress.ToString: apply the same \ → \\ escaping alongside the existing " → \" escaping, so both rendering paths are consistent.
• Order matters in both call sites: \ is escaped first, then ", otherwise the newly inserted backslashes would themselves get double-escaped.
• Tests: add [Theory]-based regression tests in MailAddressEncodeTest (with a DisplayNamesWithSpecialChars member-data source) covering quote-only, backslash-only, and combined cases for both MailAddress.Encode and MailAddressCollection.Encode; extend MailAddressDisplayNameTest.MailAddressTestDataQuotes with backslash variants and fix the helper that computes the expected ToString() to apply both replacements. The pre-existing range-of-chars test was updated to expect the now-escaped [\\] substring in its allowUnicode=true assertion (the Q-encoded path is unchanged).

Before vs. after for new MailAddress("test@example.com", "Henry \"The Fonz\" Winkler").Encode(0, false):

- "Henry "The Fonz" Winkler" <test@example.com>     // invalid quoted-string
+ "Henry \"The Fonz\" Winkler" <test@example.com>   // RFC 5322-compliant

Before vs. after for new MailAddress("test@example.com", "C:\\path\\to\\file").Encode(0, false):

- "C:\path\to\file" <test@example.com>              // invalid quoted-string
+ "C:\\path\\to\\file" <test@example.com>           // RFC 5322-compliant

[dotnet-policy-service]

Tagging subscribers to this area: @karelz, @dotnet/ncl
See info in area-owners.md if you want to be subscribed.

[mrek-msft]

@copilot please add support for escaping \ into \\ as well.

[Copilot]

@copilot please add support for escaping \ into \\ as well.

Done. Both MailAddress.Encode and MailAddress.ToString now escape \ → \\ in addition to " → \" (backslash first, then quote, to avoid double-escaping the newly inserted backslashes). Extended the MailAddressEncodeTest regression tests with a [Theory] covering quote-only, backslash-only, and combined cases (including C:\path\to\file), and the pre-existing range-of-chars test expectation was updated for the now-escaped [\\] substring. All 340 unit + 433 functional tests pass.

Note

This response was generated by GitHub Copilot.

[mrek-msft]

@copilot, please move Replace("\\", "\\\\").Replace("\"", "\\\"") to some helper method so we do not have to maintain it on two places.

[Copilot]

@copilot, please move Replace("\\", "\\\\").Replace("\"", "\\\"") to some helper method so we do not have to maintain it on two places.

Done in 41e68cd. Extracted into a private static EscapeQuotedStringContent(string) helper on MailAddress, used by both ToString and Encode.

Note

This response was generated by GitHub Copilot.

[mrek-msft]

@copilot remove this comment and add " to test input above (+ escaped into expected output below).

[Copilot]

Done in 52b71be. Added " to the input string (between ! and #), updated the allowUnicode=true expectation to include \", updated the Q-encoded expectation to include =22 (which shifts the line folds), and removed the comment.

Note

This response was generated by GitHub Copilot.

[mrek-msft]

@copilot this link is totally wrong. It is completely unrelated issue. Do not mention any issue URL there.

[Copilot]

Removed in 616dd51.

Note

This response was generated by GitHub Copilot.

[Copilot]

Pull request overview

This PR fixes RFC quoted-string escaping for MailAddress display names by ensuring embedded " and \ characters are emitted as quoted-pairs in both the SMTP header encoding path (MailAddress.Encode) and the string rendering path (MailAddress.ToString).

Changes:

• Add a shared escaping helper in MailAddress and use it from both ToString() and the ASCII / allowUnicode branch of Encode(...).
• Update and extend unit tests to cover display names containing quotes, backslashes, and combinations thereof for both single and multiple address encoding.
• Adjust the existing “range of chars” test expectations for the allowUnicode=true output to reflect the new escaping behavior.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

File	Description
src/libraries/System.Net.Mail/src/System/Net/Mail/MailAddress.cs	Escapes \ and " in quoted display names for both ToString() and the ASCII/allowUnicode Encode path via a shared helper.
src/libraries/System.Net.Mail/tests/Unit/MailAddressTests/MailAddressEncodeTest.cs	Adds theory-based regression coverage for escaping in MailAddress.Encode, MailAddressCollection.Encode, and ToString, and updates a pre-existing expectation.
src/libraries/System.Net.Mail/tests/Unit/MailAddressTests/MailAddressDisplayNameTest.cs	Extends display-name test data to include backslash cases and updates expected ToString() escaping accordingly.