Prevent CSV Injection for v7.0.x

[rzhov]

Problem is exactly the same as was described here for the similar lib json-2-csv v3.x https://github.com/mrodrig/json-2-csv/issues/209

Is preventCsvInjection option available for this json2csv lib v7.0.x ? Project documentation completely misses this part.

[juanjoDiaz]

Hi @rzhov,

This is documented here: https://juanjodiaz.github.io/json2csv/#/others/known-gotchas?id=avoiding-csv-injection

Although the documentation is a bit old. I will rewrite it when I have some time.

Basically you need to use the excelString formatter (see https://juanjodiaz.github.io/json2csv/#/advanced-options/formatters?id=string-excel)

The excel strings wraps every cell's data in ="<cell_data>" so Excel interprets correctly the content as a string regardless of characters that could be interpreted in other way.

The solution used by json-2-csv is simply incorrect as it removes characters from the cell's content.

[juanjoDiaz]

Closing s this was responded. Please let me know if there is anything else that you are unsure about.