Prevent CSV Injection when using user generated data
def escape_csv(user_generated_string):
    """
    CSV injection escaping for Python. Excel treats a string as active content when it encounters a
    "trigger" character at the start of the string. This method returns the string with
    the trigger character escaped.
    """
    # Guard against empty strings before inspecting the first character.
    if user_generated_string and user_generated_string[0] in ('@', '+', '-', '='):
        # A leading apostrophe makes Excel treat the cell as plain text.
        user_generated_string = "'" + user_generated_string
    return user_generated_string


# Example
user_generated_string = '@bob'
print(escape_csv(user_generated_string))  # '@bob
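
An added example, not part of the original gist: the same apostrophe escape applied to every cell of a row before it is written with Python's `csv` module. It goes beyond the gist by also treating a leading tab or carriage return as triggers (OWASP's CSV injection guidance lists them) and by leaving non-string cells untouched; `escape_cell`, `write_safe_csv` and the sample rows are constructed for illustration.

```python
import csv
import io

# The gist's four trigger characters, plus tab and carriage return, which
# OWASP's CSV injection guidance also lists (an addition, not in the gist).
TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def escape_cell(value):
    """Prefix a leading trigger character with an apostrophe.

    Non-string values (ints, floats, None) are returned unchanged so that a
    numeric -5 is not turned into the text '-5. Empty strings pass through.
    """
    if isinstance(value, str) and value.startswith(TRIGGERS):
        return "'" + value
    return value


def write_safe_csv(rows):
    """Serialise rows to CSV text, escaping every cell first."""
    buf = io.StringIO()
    writer = csv.writer(buf)
    for row in rows:
        writer.writerow([escape_cell(cell) for cell in row])
    return buf.getvalue()


# Constructed sample data: benign rows and rows with formula-like cells.
SAMPLE_ROWS = [
    ["name", "note", "balance"],
    ["alice", "hello", 10],
    ["@bob", "=1+1", -5],
    ["", "+44 20 7946 0000", 0],
]

if __name__ == "__main__":
    print(write_safe_csv(SAMPLE_ROWS))
```

Only the first character is checked, so a value such as `bob@example.com` is written unchanged.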