-
-
Notifications
You must be signed in to change notification settings - Fork 8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
"[Content_Types].xml" exported from js-xlsx
contains "macroEnabled" ContentType
#1501
Comments
So we can reproduce, what anti-virus scanners are tripping based on this? |
At least our inhouse firewall. |
Some scanners will look for .bin files as evidence of macros, but slightly more sophisticated scanners will look through |
|
Yes, I am aware of the XLSB format (and we don't flag them), but this issue relates to XLSX files. |
|
i have the same problem , i am getting this message in my firewall : File Contains VBA Macro blocked , Gateway Anti-virus Alert |
@TommyAlfaro is it blocking files with VBA macros (XLSM with bookVBA: true) or is it blocking the XLSX files too? Can you see if the XLSX export from https://sheetjs.com/demo/table is blocked? While we're at it, is the XLSB blocked as well? |
Maybe I should explain more, i am making a docker image which contains an
angular project with your library, the firewall blocked the container
image.
I probed with the Excel file generated on https://sheetjs.com/demo/table
and wasn't blocked
El jue., 8 oct. 2020 a las 21:42, SheetJSDev (<notifications@github.com>)
escribió:
… @TommyAlfaro <https://github.com/TommyAlfaro> is it blocking files with
VBA macros (XLSM with bookVBA: true) or is it blocking the XLSX files too?
Can you see if the XLSX export from https://sheetjs.com/demo/table is
blocked? While we're at it, is the XLSB blocked as well?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#1501 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AH3QBTAQMMXIYVRGGFZDX7TSJ2BCJANCNFSM4HMIKDYA>
.
|
Let me ask differently: does the module itself (the thing you get when you run |
I just checked, if i remove xlsx i don't have problem sending the docker image, Tomorrow i'm gonna ask to firewall owner the log and i'll send you. |
Since the library is capable of reading and writing XLSM files with macros, certain tell-tale strings are in the source. https://github.com/SheetJS/sheetjs/blob/master/bits/30_ctype.js#L153 for example we need to set a content type to a string with an offensive word like If you can confirm that the source is causing the issue, we might be able to design a workaround by programmatically generating the word in a way that won't easily be optimized into the offending word. I'd be curious to know more about why it's being flagged |
@TommyAlfaro please follow up and let us know what may be causing issues. @jorangreef if you have control over the scanner, it should check for the existence of an xl/vbaProject.bin or similar in the file. If you would like to send a PR to suppress the |
I noticed that when creating an XLSX using
js-xlsx
, the resulting[Content_Types].xml
listing includes an unnecessarymacroEnabled
ContentType, even though the generated XLSX has no macros:This ContentType for the corresponding "bin" extension should only be included if the exported XLSX does in fact have macros.
Otherwise, anti-virus scanners which inspect XLSX ZIPs and scan
[Content_Types].xml
will reject the file thinking it has macros.The text was updated successfully, but these errors were encountered: