You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
It is recommended to sanitize the input fields of CSVs so that the content is read as text only by the spreadsheet editor
It is recommended to validate and sanitize the input fields of CSVs so that the content is read as text only by the spreadsheet editor. The appropriate content type should also be set in the response header when serving CSV files. For example, `Content-Type: text/csv`.
Additionally, dynamic formula injection can be prevented by not allowing user-supplied input to be directly interpreted as a calculation or formula. This can be achieved by removing the functionality, or implementing a separate mechanism that handles the user input securely.
