Currently, the CSV writer will output exactly what it is given as input. If the input starts with a formula trigger (+, =, or -), this will cause the formula to be executed in Excel/OpenOffice/LibreOffice/etc. When the spreadsheet data is generated from user input, this can be dangerous.
See this OWASP page about the security vulnerability. While some users may intentionally include formulas in their CSV files, there should be an option to escape them. This PR adds that option, escapeFormulas.
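The opt-in behaviour described above, as an added example that is not the code from this PR: a minimal CSV encoder whose `escapeFormulas` option neutralizes string fields that begin with a formula trigger. The helper names, the apostrophe-prefix strategy, and the extra triggers (`@`, tab, carriage return, which OWASP's guidance also lists) are assumptions beyond what the description states.

```javascript
// Added example: helper names are hypothetical, not the project's API.
// Triggers from the PR description (+, =, -) plus @, tab and CR (assumption).
const FORMULA_TRIGGERS = new Set(['=', '+', '-', '@', '\t', '\r']);

function neutralizeFormula(text) {
  // A leading apostrophe makes spreadsheet apps treat the cell as plain text.
  return FORMULA_TRIGGERS.has(text.charAt(0)) ? "'" + text : text;
}

function encodeField(value, { escapeFormulas = false } = {}) {
  let text = value === null || value === undefined ? '' : String(value);
  // Only string values are escaped; a real number such as -5 stays numeric.
  if (escapeFormulas && typeof value === 'string') {
    text = neutralizeFormula(text);
  }
  // RFC 4180 quoting: wrap fields containing a comma, quote or line break.
  if (/[",\r\n]/.test(text)) {
    text = '"' + text.replace(/"/g, '""') + '"';
  }
  return text;
}

function writeCsv(rows, options = {}) {
  return rows
    .map(row => row.map(field => encodeField(field, options)).join(','))
    .join('\r\n') + '\r\n';
}

// Constructed sample rows standing in for user-supplied data.
const sampleRows = [
  ['name', 'comment', 'balance'],
  ['alice', '=SUM(A1:A9)', -5],
  ['bob', '+1 555 0100', 12],
  ['carol', '@handle, "quoted"', 0],
];

console.log(writeCsv(sampleRows));                           // default: written as-is
console.log(writeCsv(sampleRows, { escapeFormulas: true })); // triggers neutralized
```

The apostrophe becomes part of the stored value, so programs that parse the CSV back will see it; that trade-off is why the option is off by default here.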