Handling CSV Injection while exporting report as CSV file

Stimulsoft Reports.Silverlight discussion
Post Reply
shyam.pundkar
Posts: 39
Joined: Fri Feb 21, 2014 9:26 am

Handling CSV Injection while exporting report as CSV file

Post by shyam.pundkar » Tue Nov 28, 2017 6:54 am

Hi everyone,

Is there any way to prevent csv injection while exporting the reports as CSV file?

Detailed Description:

For example we have got following csv output from report.

-------CSV with CSV Injection---------
Id,Name,Description
1,ABC,=5+4
-------CSV Ends----------

If we open the above csv file in excel then it interprets the last cell value (=5+4) as equation and shows 9 as cell value.
Is there any way to attach simple space char or single quote(') char as prefix while exporting the report in csv as shown below? This will fix our problem of CSV injection.

-------CSV with Fix---------
Id,Name,Description
1,ABC,'=5+4
-------CSV Ends----------

Please let me know if further information required.

Regards,
Shyam
alfa
Posts: 2
Joined: Mon Nov 20, 2017 1:43 pm

Re: Handling CSV Injection while exporting report as CSV fil

Post by alfa » Tue Nov 28, 2017 10:36 am

Hello.

Why don't you just add a single quote(') before your expression? Something like this

Code: Select all

'{DataSource.Column}
Thank you.
shyam.pundkar
Posts: 39
Joined: Fri Feb 21, 2014 9:26 am

Re: Handling CSV Injection while exporting report as CSV fil

Post by shyam.pundkar » Wed Nov 29, 2017 5:15 am

Thanks for your comments Alfa.

Actually we have to do the change at lot of places as we have some 100s of columns which needed to fixed. This change will also reflect in viewer as well as other export file formats.
Another issue is human error for future enhancements. Developer may miss this fix if new columns are added during improvements.

If we can get some configuration in stimulsoft library then it would be easy and full-proof fix.
HighAley
Posts: 8065
Joined: Wed Jun 08, 2011 7:40 am
Location: Stimulsoft Office

Re: Handling CSV Injection while exporting report as CSV fil

Post by HighAley » Mon Dec 04, 2017 10:36 am

Hello.

You could handle the Exported event and try to do necessary changes there.
If you need this feature, please, write a request to support@stimulsoft.com.

Thank you.
Post Reply