A formatter for the league/csv package that hardens CSV exports containing user-generated content. For more information about the security risks of user-generated content in CSV exports, read http://georgemauer.net/2017/10/07/csv-injection.html.
You can install the package via composer:
composer require inthere/csv-security-formatter
Create the formatter. The formatter accepts a boolean as its parameter; pass false when you want to remove the formula instead of escaping it.
$csvSecurityFormatter = new \InThere\CsvSecurityFormatter\CsvSecurityFormatter();
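Add the formatter to the writer, then insert a record that contains a formula.
use League\Csv\Writer;

$writer = Writer::createFromFileObject(new SplTempFileObject());
// Every record inserted after this call passes through the formatter.
$writer->addFormatter($csvSecurityFormatter);
// The first cell is the kind of value a spreadsheet would evaluate.
$writer->insertOne(['=2*5', 'foo', 'bar']);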
Create the CSV.
$writer->__toString();
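The difference between escaping and removing a formula, shown as an added stand-alone example that is not the package's own code. The function name, the trigger-character list, the single-quote escape style and the signed-number exception are assumptions made for illustration; the sample rows are constructed.

```php
<?php
declare(strict_types=1);

// Leading characters that make a spreadsheet evaluate a cell as a formula.
const FORMULA_TRIGGERS = "=+-@\t\r";

/**
 * Hypothetical helper, not the package's code: neutralise one CSV record.
 * $escape = true keeps the text and prefixes it with a single quote;
 * $escape = false strips the leading trigger characters instead.
 */
function neutraliseRecord(array $record, bool $escape = true): array
{
    return array_map(static function ($cell) use ($escape) {
        // Only non-empty strings can carry a formula; other types pass through.
        if (!is_string($cell) || $cell === '') {
            return $cell;
        }
        if (strpos(FORMULA_TRIGGERS, $cell[0]) === false) {
            return $cell;
        }
        // Plain signed numbers such as "-12.50" are data, not formulas.
        if (preg_match('/\A[+-]\d+(\.\d+)?\z/', $cell) === 1) {
            return $cell;
        }
        // ltrim() removes every stacked trigger, so "=+1" cannot survive as "+1".
        return $escape ? "'" . $cell : ltrim($cell, FORMULA_TRIGGERS);
    }, $record);
}

// Constructed sample rows standing in for user-generated content.
$rows = [
    ['=2*5', 'foo', 'bar'],
    ['-12.50', '@SUM(A1:A2)', 42],
    ['=+1+1', "\tleading tab", 'plain text'],
];

$out = fopen('php://output', 'w');
foreach ([true, false] as $escape) {
    fwrite($out, $escape ? "# escaped\n" : "# removed\n");
    foreach ($rows as $row) {
        fputcsv($out, neutraliseRecord($row, $escape), ',', '"', '\\');
    }
}
fclose($out);
```

Because the function takes a record array and returns one, it has the shape of a callable that the writer's addFormatter() accepts.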
$ vendor/bin/phpunit
Contributions are welcome. We accept contributions via pull requests on GitHub.
The MIT License (MIT). Please see the License File for more information.
InThere - "The training Through Gaming Company" - speeds up training your team and change processes by providing a micro-training concept based on serious games.