Open lukejpreston opened 1 year ago
Hey @lukejpreston, I have a similar requirement. Were you able to make this work? Thank you
@Pralish We never got a satisfactory solution for this. Not all files with functions have CSV injections, and customers would upload legitimate functions and styles in their spreadsheets. Editing files would destroy the functionality. Our solution is to put a warning message up for users. This could be better, but we needed help finding libraries or virus detection tools to find CSV injections.
Some things we found which might be helpful
`'` to their input to prevent any CSV injection
We are trying to sanitise CSV and spreadsheets to prevent CSV injection; the OWASP link with details on the vulnerability is here
Our proposed solution is:
`exposeOriginalFile: true`
`onFileSelected` hook to get the file before it is uploaded
`originalFile`
`return {...file, originalFile}` as part of the `onFileSelected` callback if the file has been changed
Expected Behavior
It should upload the changed file
Current Behavior
It uploads the original file, not the changed one
Possible Solution
Context
Here is the code we are using
We have checked a couple of things to debug this
`name` changes the uploaded file, this works as expected
Your Environment
"filestack-js": "^1.5.1"
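
The cell-level check this issue is after (prefixing `'` to risky input), as an added example that is not the issue author's or Filestack's code: it parses CSV text, flags cells that start with a formula-trigger character, and returns a neutralised copy. `parseCsv`, `sanitiseCsv` and the sample data are hypothetical, and the trigger list (`=`, `+`, `-`, `@`, tab, carriage return) is assumed from the OWASP CSV injection guidance.

```javascript
// Added example: neutralise formula-trigger cells in CSV text before upload.
// Function names are hypothetical; sample data is constructed.

// Characters that make a spreadsheet treat a cell as a formula
// (assumed from the OWASP CSV injection guidance): = + - @ tab carriage-return.
const TRIGGERS = new Set(['=', '+', '-', '@', '\t', '\r']);

// Minimal RFC 4180 parser: handles quoted fields, "" escapes, CRLF/LF rows.
function parseCsv(text) {
  const rows = [];
  let row = [], field = '', inQuotes = false;
  for (let i = 0; i < text.length; i++) {
    const c = text[i];
    if (inQuotes) {
      if (c === '"' && text[i + 1] === '"') { field += '"'; i++; }
      else if (c === '"') inQuotes = false;
      else field += c;
    } else if (c === '"') inQuotes = true;
    else if (c === ',') { row.push(field); field = ''; }
    else if (c === '\n' || (c === '\r' && text[i + 1] === '\n')) {
      if (c === '\r') i++;
      row.push(field); rows.push(row); row = []; field = '';
    } else field += c;
  }
  if (field !== '' || row.length) { row.push(field); rows.push(row); }
  return rows;
}

// Quote every field and double embedded quotes so the output re-parses cleanly.
const quote = (v) => '"' + v.replace(/"/g, '""') + '"';

// Returns the rewritten CSV plus the list of cells that were neutralised,
// so the caller can either upload the clean copy or just warn the user.
function sanitiseCsv(text) {
  const flagged = [];
  const rows = parseCsv(text).map((row, r) => row.map((cell, c) => {
    if (!TRIGGERS.has(cell[0])) return cell;
    flagged.push({ row: r + 1, col: c + 1, value: cell });
    return "'" + cell; // leading apostrophe makes the cell plain text
  }));
  return { csv: rows.map((r) => r.map(quote).join(',')).join('\r\n'), flagged };
}

// Constructed sample: one formula cell, one quoted formula, one negative number.
const SAMPLE = 'name,total\r\nalice,=SUM(A1:A2)\r\n"bob","@cmd"\r\ncarol,-5\r\n';
```

Running `sanitiseCsv(SAMPLE)` also flags the `-5` cell, which is the false-positive problem described in the thread: legitimate values and formulas start with the same characters as injected ones.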