pietrop / slate-transcript-editor

A React component to make correcting automated transcriptions of audio and video easier and faster. Using the SlateJs editor.
https://pietrop.github.io/slate-transcript-editor

CSV composer escape injection #72

Closed pietrop closed 3 years ago

pietrop commented 3 years ago

Is your Pull Request related to another issue in this repository?

Issue with escaping char in CSV output to prevent CSV injection.

https://owasp.org/www-community/attacks/CSV_Injection

Describe what the PR does

adds a ' at the beginning of every text line of the CSV to escape potential CSV injection.

State whether the PR is ready for review or whether it needs extra work

Ready to review

Additional context

NA

Example output, notice the ' and how it "escapes" the CSV injection command =cmd|' /C calc'!'A1' that could be added at the beginning of a line.

[Screenshot: example CSV output, 2021-06-24]
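The mitigation described in the PR, shown as an added example rather than the project's own composer code. It generalizes the PR's approach slightly: instead of prefixing every text line, it prefixes a single quote only on cells whose first character a spreadsheet would treat as a formula trigger (`=`, `+`, `-`, `@`, tab, carriage return, per the OWASP page linked above), leaves genuine numeric values alone, and applies RFC 4180 quoting so commas and quotes inside a transcript line do not break the columns. The row shape (`start`, `end`, `speaker`, `text`) and the sample rows are assumptions made up for this example.

```javascript
// Added example, not code from slate-transcript-editor. Row shape is assumed.
const FORMULA_TRIGGERS = new Set(['=', '+', '-', '@', '\t', '\r']);

// Neutralise a cell that would otherwise be parsed as a spreadsheet formula.
// Numbers are passed through unchanged so a negative timestamp or offset
// is not mangled; only string cells starting with a trigger get the quote.
function neutralizeCell(value) {
  if (typeof value === 'number') return String(value);
  const s = value == null ? '' : String(value);
  if (s.length > 0 && FORMULA_TRIGGERS.has(s[0])) {
    return `'${s}`;
  }
  return s;
}

// RFC 4180 quoting: wrap the field in double quotes when it contains a
// comma, a double quote or a line break, doubling any embedded quotes.
function quoteCell(value) {
  if (/[",\r\n]/.test(value)) {
    return `"${value.replace(/"/g, '""')}"`;
  }
  return value;
}

// Compose the CSV text: a header row followed by one line per transcript row.
function composeCsv(rows, columns) {
  const header = columns.join(',');
  const lines = rows.map((row) =>
    columns.map((col) => quoteCell(neutralizeCell(row[col]))).join(',')
  );
  return [header, ...lines].join('\n');
}

// Constructed sample rows; the second and third would be read as formulas
// by a spreadsheet if written out verbatim.
const SAMPLE_ROWS = [
  { start: 0.0, end: 1.5, speaker: 'A', text: 'Hello, world' },
  { start: 1.5, end: 3.2, speaker: 'B', text: '=1+1' },
  { start: 3.2, end: 4.0, speaker: 'A', text: '-5 degrees' },
];
const SAMPLE_COLUMNS = ['start', 'end', 'speaker', 'text'];

console.log(composeCsv(SAMPLE_ROWS, SAMPLE_COLUMNS));
```

The leading quote is what most spreadsheet applications use to force a cell to be read as text, so the transcript line still shows in full when opened, just with the quote visible; a consumer that only reads the CSV programmatically sees the quote as part of the value, which is the trade-off the PR accepts.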
pietrop commented 3 years ago

PS: There's an issue with the tests (jest) across the repo that needs to be addressed as a separate issue/PR.