CsvDataAwareExporterOptions.PreventCsvInjection Property
Gets or sets a value indicating whether to prevent Formula Injection into the CSV file.
Namespace: DevExpress.XtraExport.Csv
Assembly: DevExpress.Printing.v24.2.Core.dll
Declaration
Property Value
Type | Description |
---|---|
Boolean | true, to prevent CSV Injection; otherwise, false. The default is false. |
Remarks
CSV Injection, or Formula Injection, occurs when a maliciously crafted formula is injected into a CSV file for subsequent import into a spreadsheet, which can execute this formula.
To prevent CSV Injection during data export, set the PreventCsvInjection property to true. In this case, quotation marks additionally appear around values that begin with any of the symbols below (regardless of the CsvDataAwareExporterOptions.QuoteTextValues property value):
- Equals to (“=”)
- Plus (“+”)
- Minus (“-“)
- At (“@”)
As a result, a formula is interpreted as a text string and is not evaluated by a spreadsheet.