Tryton - Issues

 

Issue6834

Title Add csv protection against spreadsheets
Priority feature Status chatting
Superseder Nosy List ced, pokoli, semarie
Type behavior Components sao, tryton
Assigned To Keywords easy
Reviews

Created on 2017-10-10.15:11:19 by ced, last changed by ced.

Messages
msg36203 (view) Author: [hidden] (ced) (Tryton committer) (Tryton translator) Date: 2017-10-11.11:14:55
Indeed it may be a better solution to ask the user before making an escape.
msg36192 (view) Author: [hidden] (semarie) Date: 2017-10-11.08:34:18
does it really belong to tryton to add some kind of char escapement because some spreadsheet software will interprete chars as active ?

additionally, it could be really complex to add workarounds for some spreadsheets software (badly designed ?) and not break some others spreadsheets.

eventually it could make sens to add some warning at export stage to inform user that exported lines contains potentially harmful chars ? (the warning would occurs only if such lines are present).
msg36183 (view) Author: [hidden] (ced) (Tryton committer) (Tryton translator) Date: 2017-10-10.15:11:19
I think we should implement the protection described in http://georgemauer.net/2017/10/07/csv-injection.html as it is probably the most common usage to open the file from the client.
History
Date User Action Args
2017-10-11 11:14:55cedsetmessages: + msg36203
2017-10-11 08:34:19semariesetstatus: unread -> chatting
nosy: + semarie
messages: + msg36192
2017-10-10 15:42:30pokolisetnosy: + pokoli
2017-10-10 15:35:30cedsetkeyword: + easy
2017-10-10 15:11:19cedcreate

Showing 10 items. Show all history (warning: this could be VERY long)