Closed ghost closed 3 years ago
Could you provide an example replicating the issue and describe the solution you propose? This library is about creating generic CSV files, not preparing CSV files for a specific usage like for Excel. For those usages, I am not against providing an option to prevent certain data from matching a set of rules.
> Could you provide an example replicating the issue

Please check OWASP for more information about details
> describe the solution you propose.

You are the developer and have to provide the solution. But you can check OWASP for some examples.
> This library is about creating generic CSV files, not preparing CSV files for a specific usage like for Excel

There are other tools which parse it the same way (LibreOffice, Google Docs, Collabora, ...)
> You are the developer and have to provide the solution.

If I get paid for it. Otherwise, feel free to contribute a pull request.
See https://owasp.org/www-community/attacks/CSV_Injection for details.
But this is basically how the https://gitlab.com/lucaapp was used in Germany to extract sensitive data. See https://twitter.com/mame82/status/1397425075654168576 for the original repost.
It was checked that this library is not doing any kind of mitigation (neither with encoding these kinds of cells as strings nor with making sure that these kinds of cells don't exist).
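
The mitigation discussed in this thread, following the OWASP page linked above, as an added example (not code from the library or from anyone in this thread): string cells that begin with `=`, `+`, `-`, `@`, tab or carriage return get a leading single quote, and every field is wrapped in double quotes with embedded quotes doubled. The function names and the sample rows are assumptions made for the illustration.

```javascript
// Added example; neutralizeCell, toCsvField, toCsvRow and toCsv are hypothetical names.
// Characters that make a spreadsheet treat a cell as a formula (per the OWASP page).
const FORMULA_TRIGGERS = new Set(['=', '+', '-', '@', '\t', '\r']);

// Return the cell as text that a spreadsheet will display instead of evaluate.
function neutralizeCell(value) {
  if (value === null || value === undefined) return '';
  // Genuine numbers cannot carry a formula, so -5 stays -5 (choice of this example).
  if (typeof value === 'number' || typeof value === 'bigint') return String(value);
  const text = String(value);
  // Prefix a single quote so the cell is read as a string, not a formula.
  return text.length > 0 && FORMULA_TRIGGERS.has(text[0]) ? "'" + text : text;
}

// Always quote the field and double embedded quotes, so user data cannot
// close the field early and start a new cell that begins with a trigger.
function toCsvField(value) {
  return '"' + neutralizeCell(value).replace(/"/g, '""') + '"';
}

function toCsvRow(cells) {
  return cells.map(toCsvField).join(',');
}

function toCsv(rows) {
  return rows.map(toCsvRow).join('\r\n') + '\r\n';
}

// Constructed sample data: one benign row, one formula cell, and one cell
// that tries to break out of its field with a quote and a comma.
const sampleRows = [
  ['name', 'note', 'balance'],
  ['Alice', 'regular entry', 120],
  ['Bob', '=1+1', -5],
  ['Carol', 'a","=1+1', '@handle'],
];

console.log(toCsv(sampleRows));
```

The single-quote prefix changes the stored value, so a consumer that reads the CSV back programmatically has to expect it.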