[DataGrid] Do not miss to escape formulas in CSV export #13888

Merged
merged 2 commits into from
Jul 22, 2024

@arminmeh arminmeh commented Jul 18, 2024

Related to #13790

Delimiter and line break checks were happening before escaping and would keep the values unescaped if they were, for example, large numbers, since they would have the default delimiter in the formatted value.

As mentioned in the issue:

> This issue occurs only for numbers with fewer than five digits

Formula escape is adding double quotes around the value, as recommended in CSV injection:

> Wrap each cell field in double quotes

Before: https://stackblitz.com/edit/react-rmcqtb-faujtv?file=Demo.js
After: https://codesandbox.io/p/sandbox/mui-mui-x-x-data-grid-forked-tfkf2x

@arminmeh added the "security", "component: data grid" and "feature: Export" labels Jul 18, 2024
@arminmeh changed the title from "[DataGrid] Apply formula escaping first and wrap values in double quotes" to "[DataGrid] Do not miss to escape formulas in CSV export" Jul 18, 2024
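
The ordering problem described in the pull request, as an added JavaScript sketch that is not the MUI X source and not part of the thread. The function names and sample cells are constructed for illustration, and the trigger characters are the ones listed in OWASP's CSV injection guidance.

```javascript
// Added illustration: names are hypothetical, not MUI X internals.
// Leading characters that OWASP's CSV injection guidance treats as formula triggers.
const FORMULA_TRIGGERS = ['=', '+', '-', '@', '\t', '\r'];

const escapeQuotes = (s) => s.replace(/"/g, '""');
const hasDelimiterOrBreak = (s, delimiter) =>
  [delimiter, '\n', '\r', '"'].some((ch) => s.includes(ch));

// Order the PR describes as the bug: the delimiter / line-break check returns
// first, so a value that contains the delimiter never reaches the formula check.
function serializeDelimiterCheckFirst(value, delimiter = ',') {
  const str = String(value ?? '');
  if (hasDelimiterOrBreak(str, delimiter)) return `"${escapeQuotes(str)}"`;
  if (FORMULA_TRIGGERS.includes(str[0])) return `'${escapeQuotes(str)}`;
  return str;
}

// Order the PR describes as the fix: formula escaping runs first, and the
// escaped value is wrapped in double quotes.
function serializeFormulaEscapeFirst(value, delimiter = ',') {
  const str = String(value ?? '');
  if (FORMULA_TRIGGERS.includes(str[0])) return `"'${escapeQuotes(str)}"`;
  if (hasDelimiterOrBreak(str, delimiter)) return `"${escapeQuotes(str)}"`;
  return str;
}

// Constructed sample cells: formula-like values with and without the delimiter,
// plus ordinary values that only need CSV quoting.
const SAMPLE_CELLS = ['=SUM(A1,B1)', '-1,234', '=A1', 'plain', 'a,b', 'say "hi"'];

// Serialize every cell with both orderings so the difference is visible per row.
function compareOrders(cells, delimiter = ',') {
  return cells.map((cell) => ({
    cell,
    before: serializeDelimiterCheckFirst(cell, delimiter),
    after: serializeFormulaEscapeFirst(cell, delimiter),
  }));
}

console.table(compareOrders(SAMPLE_CELLS));
```

In the first two rows the `before` output is only CSV-quoted, so a spreadsheet still reads a cell that begins with `=` or `-`; the `after` output begins with an apostrophe inside the quotes.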
mui-bot commented Jul 18, 2024

Deploy preview: https://deploy-preview-13888--material-ui-x.netlify.app/

Generated by 🚫 dangerJS against cf9faee

@arminmeh arminmeh merged commit caff80a into mui:master Jul 22, 2024
17 checks passed
@arminmeh arminmeh deleted the apostrophe-in-csv-export branch July 22, 2024 20:46
DungTiger pushed a commit to DungTiger/mui-x that referenced this pull request Jul 23, 2024