Open
Description
I'll present this as a little story:
Suppose we are implementing a bot that reads the titles from Web pages and posts them on IRC, a classic.
As a short introduction (only vaguely related to the bug), further suppose that we are using Floki (which is also not standards conformant) to parse the title of say, this webpage:
```html
<!DOCTYPE html>
<html><head><title>I don't want to
quit programming!</title></head><body>
…</body></html>
```
(this is conformant HTML, even though the formatting isn't pretty!)
Assume the result gets into `title = "I don't want to\nquit programming!"`… and we get to the ExIRC bug:
```elixir
ExIRC.Client.msg(state.client, :privmsg, dest, "Title: #{title}")
```
In the IRC channel we see:
```
<someone> https://domain.tld/blog/i-dont-want-to-quit-programming
<potionbot> Title: I don't want to
*potionbot has quit ("programming!")
```
Oops.
Obvious solutions:
- Panicking: cut off all text after the first newline to prevent the injection.
- Vengeful: throw an error if there is a newline in the message (this is not legal in the IRC standard anyway).
- Posed: make the type of the fourth argument of `ExIRC.Client.msg()` a `StringWithoutNewlines` type, preventing the error at compile time.
- Creative: post several messages in IRC, one per line.
My preference goes to the last two, and specifically both of them at once:
- Make `ExIRC.Client.msg()` refuse newlines, preventing the application from starting if that's not guarded against, and
- Introduce a new `ExIRC.Client.msg_multiline()` method that posts several messages to accommodate for the line feeds.
For more ideas, see https://eiv.dev
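
A sketch of the two preferred behaviours as a caller-side guard, added here as an example and not part of the issue or of ExIRC. The module `SafeIRC` and its functions are hypothetical, the check runs at runtime rather than at compile time, and `send_fun` stands in for `&ExIRC.Client.msg(client, :privmsg, dest, &1)` so the script runs without a connection:

```elixir
defmodule SafeIRC do
  # Hypothetical helper module, not part of ExIRC.
  # IRC frames each message with CR LF, so either byte inside the text
  # ends the PRIVMSG early and starts a new protocol line.
  @line_breaks ["\r\n", "\r", "\n"]

  # Strict variant: refuse text that contains a line break.
  def msg(send_fun, text) when is_function(send_fun, 1) and is_binary(text) do
    if String.contains?(text, @line_breaks) do
      {:error, :line_break_in_message}
    else
      send_fun.(text)
      :ok
    end
  end

  # Multiline variant: send one message per non-empty line.
  def msg_multiline(send_fun, text) when is_function(send_fun, 1) and is_binary(text) do
    text
    |> String.split(@line_breaks, trim: true)
    |> Enum.map(&String.trim/1)
    |> Enum.reject(&(&1 == ""))
    |> Enum.each(send_fun)
  end
end

# Constructed input: the title from the issue's example page.
title = "I don't want to\nquit programming!"

# Stand-in sender: prints the line instead of writing to an IRC socket.
send_fun = fn line -> IO.puts("PRIVMSG #chan :" <> line) end

# The strict call rejects the title, so nothing reaches the wire.
{:error, :line_break_in_message} = SafeIRC.msg(send_fun, "Title: " <> title)

# The multiline call emits two separate PRIVMSGs and no QUIT.
:ok = SafeIRC.msg_multiline(send_fun, "Title: " <> title)
```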