Verify CSV content during uploads
vinayvenu commented
See
https://owasp.org/www-community/attacks/CSV_Injection
http://georgemauer.net/2017/10/07/csv-injection.html
To mitigate these concerns, it will be good to
- Add quotes and a tab at the beginning of a cell when the cell starts with =, +, - or @.
- Ensure this is removed when actually processing the file (to prevent failures for phone numbers, negative numbers, etc.)
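
The two steps proposed above, sketched as an added example (not code from this project or from the issue author): risky cells get a tab prefix and every field is quoted on write, and the prefix is stripped again before the values are processed. The function names and the sample rows are assumptions made for illustration.

```python
import csv
import io

# Leading characters listed in the issue as formula triggers.
TRIGGERS = ("=", "+", "-", "@")
GUARD = "\t"  # the tab prefix proposed in the issue


def neutralize_cell(value: str) -> str:
    """Prefix a tab so a spreadsheet treats the cell as text, not a formula."""
    return GUARD + value if value.startswith(TRIGGERS) else value


def restore_cell(value: str) -> str:
    """Undo neutralize_cell before the value is parsed as data."""
    # Only strip the tab when it is directly followed by a trigger character,
    # so cells that merely start with a tab are left untouched.
    if value.startswith(GUARD) and value[1:].startswith(TRIGGERS):
        return value[1:]
    return value


def write_guarded(rows) -> str:
    """Serialize rows with every field quoted and risky cells guarded."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for row in rows:
        writer.writerow([neutralize_cell(cell) for cell in row])
    return buf.getvalue()


def read_guarded(text: str):
    """Parse guarded CSV text and return the original cell values."""
    reader = csv.reader(io.StringIO(text))
    return [[restore_cell(cell) for cell in row] for row in reader]


# Constructed sample: a phone number, a negative number and a formula-like cell.
SAMPLE = [
    ["name", "phone", "balance", "note"],
    ["Asha", "+911234567890", "-42.50", "=1+1"],
]

if __name__ == "__main__":
    guarded = write_guarded(SAMPLE)
    print(guarded)
    # Phone numbers and negative numbers survive the round trip unchanged.
    assert read_guarded(guarded) == SAMPLE
```

A cell whose original value already began with a tab followed by one of the trigger characters would lose that tab on restore, so the guard is only safe to strip from files this same code path produced.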