You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@commons.apache.org by RaguNath Hariharan <ra...@gmail.com> on 2019/03/27 10:35:19 UTC

[csv] How to prevent formula injection

Hi Team,

I am using Apache commons CSV 1.5 for generating CSV file. However I got to
know there is possibility on formula injection. Is there any option to
prevent formula injection ?

Regards
Ragunath

Re: [csv] How to prevent formula injection

Posted by Bernd Eckenfels <ec...@zusammenkunft.net>.

Unless you use QuoteMode.NONE or the wrong quoteChar you should be fine. 1.5 quoted more cases than 1.6 but both should quote all known critical characters.

Gruss
Bernd

Gruss
Bernd
--
http://bernd.eckenfels.net

________________________________
Von: RaguNath Hariharan <ra...@gmail.com>
Gesendet: Mittwoch, März 27, 2019 3:08 PM
An: user@commons.apache.org
Betreff: [csv] How to prevent formula injection

Hi Team,

I am using Apache commons CSV 1.5 for generating CSV file. However I got to
know there is possibility on formula injection. Is there any option to
prevent formula injection ?

Regards
Ragunath