adaltas / node-csv

Full featured CSV parser with simple api and tested against large datasets.
https://csv.js.org
MIT License

feat(csv-stringify): Add escape_formulas to defend against injection attacks #380

Closed atlanteh closed 1 year ago

atlanteh commented 1 year ago

This PR allows setting a simple parameter to defend against CSV injection attacks by adding an escape_formulas parameter that escapes values that start with =, +, -, @, \t, or \r with a '.
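
The escaping rule described in this comment, as an added example that is not part of the PR or the csv-stringify code base. The names `escapeFormula`, `quoteField` and `stringifyRow` are hypothetical, and leaving non-string fields (such as the number -5) untouched is an assumption of this sketch.

```javascript
// Added illustration; not the csv-stringify implementation.
// Trigger characters are the ones listed in the PR description.
const FORMULA_TRIGGERS = new Set(['=', '+', '-', '@', '\t', '\r']);

// Prefix a single quote so a spreadsheet treats the cell as text.
// Assumption: only string fields are touched; numbers such as -5 pass through.
function escapeFormula(field) {
  if (typeof field !== 'string' || field.length === 0) return field;
  return FORMULA_TRIGGERS.has(field[0]) ? "'" + field : field;
}

// Minimal RFC 4180 quoting: wrap in quotes when the field holds a
// delimiter, quote, CR or LF, doubling embedded quotes.
function quoteField(field) {
  const text = field === null || field === undefined ? '' : String(field);
  return /[",\r\n]/.test(text) ? '"' + text.replace(/"/g, '""') + '"' : text;
}

// Escape first, then quote, so the added apostrophe ends up inside the quotes.
function stringifyRow(row, { escapeFormulas = false } = {}) {
  return row
    .map((f) => (escapeFormulas ? escapeFormula(f) : f))
    .map(quoteField)
    .join(',');
}

// Constructed sample row: user-supplied fields a spreadsheet could evaluate,
// next to benign ones ('a-b', the number -5) that must stay unchanged.
const sampleRow = ['alice', '=SUM(A1:A9)', '@cmd', '\tpadded', -5, 'a-b', '+1,5'];

console.log(stringifyRow(sampleRow));                           // unescaped output
console.log(stringifyRow(sampleRow, { escapeFormulas: true })); // escaped output
```

The last field shows why the order matters: `+1,5` needs CSV quoting because of the comma, and the apostrophe has to sit inside those quotes to remain the first character of the cell.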

atlanteh commented 1 year ago

@wdavidw Can you please review?

atlanteh commented 1 year ago

@wdavidw PR updated according to your review

wdavidw commented 1 year ago

Thank you for your contribution, I'll take it from there.