Last active
September 16, 2023 07:56
Prevent CSV Injection when using user-generated data
def escape_csv(user_generated_string):
    """
    CSV injection escaping for Python. Excel treats a string as active content when it encounters a
    "trigger" character at the start of the string. This method returns the string with
    the trigger character escaped.
    """
    # Guard against empty input: indexing [0] on '' raises IndexError.
    if user_generated_string and user_generated_string[0] in ('@', '+', '-', '='):
        # A leading apostrophe makes Excel treat the cell as plain text.
        user_generated_string = "'" + user_generated_string
    return user_generated_string


# Example
user_generated_string = '@bob'
print(escape_csv(user_generated_string))
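Applying the same escape to whole rows, as an added example that is not part of the original gist: every cell is escaped before it goes through Python's `csv` writer, empty and non-string values are handled, and tab and carriage return are also treated as triggers (an assumption taken from OWASP's CSV injection guidance, not from the gist). The names `escape_cell`, `write_rows` and `SAMPLE_ROWS` are hypothetical.

```python
import csv
import io

# Trigger characters from the gist, plus tab and carriage return
# (assumption: the two extra characters follow OWASP's CSV injection guidance).
TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def escape_cell(value):
    """Return a cell value that a spreadsheet will treat as plain text."""
    if value is None:
        return ""
    if isinstance(value, (int, float)):
        # Typed numbers cannot carry a formula; keep -5 as the number -5.
        return value
    text = str(value)
    if text.startswith(TRIGGERS):
        # Same escape as the gist: a leading apostrophe forces text mode.
        return "'" + text
    return text


def write_rows(rows):
    """Serialise rows to CSV text, escaping every cell on the way out."""
    buf = io.StringIO()
    # QUOTE_ALL keeps embedded commas, quotes and newlines inside one field.
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL)
    for row in rows:
        writer.writerow([escape_cell(cell) for cell in row])
    return buf.getvalue()


# Constructed sample data: benign values next to formula-like user input.
SAMPLE_ROWS = [
    ["name", "balance", "note"],
    ["alice", -5, "paid"],
    ["@bob", 10, "=1+1"],
    ["", None, "+44 20 7946 0000"],
]

if __name__ == "__main__":
    print(write_rows(SAMPLE_ROWS))
```

Escaping at export time, rather than on input, keeps the stored data unchanged for consumers that are not spreadsheets.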
There is no need for duplication :) defusedcsv