Skip to main content

CsvDataAwareExporterOptions.PreventCsvInjection Property

Gets or sets a value indicating whether to prevent Formula Injection into the CSV file.

Namespace: DevExpress.XtraExport.Csv

Assembly: DevExpress.Printing.v24.2.Core.dll

Declaration

public bool PreventCsvInjection { get; set; }

Property Value

Type Description
Boolean

true, to prevent CSV Injection; otherwise, false. The default is false.

Remarks

CSV Injection, or Formula Injection, occurs when a maliciously crafted formula is injected into a CSV file for subsequent import into a spreadsheet, which can execute this formula.

To prevent CSV Injection during data export, set the PreventCsvInjection property to true. In this case, quotation marks additionally appear around values that begin with any of the symbols below (regardless of the CsvDataAwareExporterOptions.QuoteTextValues property value):

  • Equals to (“=”)
  • Plus (“+”)
  • Minus (“-“)
  • At (“@”)

As a result, a formula is interpreted as a text string and is not evaluated by a spreadsheet.

See Also