-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/75303/#review227150
-----------------------------------------------------------

We are going to sanitize these characters - ['=', '+', '-', '@', "\t", "\r"] when used at the beginning of a CSV field, but what about field separators (e.g., ',' or ';') and quotes (e.g., ' or ") getting used in the middle of the user input? For example, if a field contains user input like "John", "=TEST()", the quote might be misinterpreted, and the formula =TEST() might be treated as a separate formula in the spreadsheet program.

@Madhan, can you please comment on whether we need to handle such a scenario as well?


- Mugdha Varadkar


On Dec. 11, 2024, 2:39 p.m., Rakesh Gupta wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/75303/
> -----------------------------------------------------------
>
> (Updated Dec. 11, 2024, 2:39 p.m.)
>
>
> Review request for ranger, Dineshkumar Yadav, Kishor Gollapalliwar, Abhay
> Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani,
> sanket shelar, Sailaja Polavarapu, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-5015
>     https://issues.apache.org/jira/browse/RANGER-5015
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Best Practices for Safe and Optimized CSV and Excel Exports
>
>
> Diffs
> -----
>
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
> a21b8c8d2
>
>
> Diff: https://reviews.apache.org/r/75303/diff/1/
>
>
> Testing
> -------
>
> Tested and verified that the "/plugins/policies/downloadExcel" and
> "/plugins/policies/csv" APIs implement best practices for exporting CSV and
> Excel files.
>
>
> Thanks,
>
> Rakesh Gupta
>
>
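
Added example, not part of this review thread or of Ranger's code: one way to handle both cases raised in the review comment at the top of this message, a leading formula character and separators or quotes inside the value. The class and method names are hypothetical, and the single-quote prefix plus RFC 4180 quoting are assumptions about the desired handling, not what the patch under review does.

```java
import java.util.List;
import java.util.stream.Collectors;

public class CsvFieldSanitizer {
    // Leading characters listed in the review comment.
    private static final String FORMULA_TRIGGERS = "=+-@\t\r";

    // Hypothetical helper: neutralize a leading formula trigger, then quote the field.
    static String sanitizeField(String value) {
        String v = (value == null) ? "" : value;

        // A leading single quote makes spreadsheet programs treat the cell as text.
        if (!v.isEmpty() && FORMULA_TRIGGERS.indexOf(v.charAt(0)) >= 0) {
            v = "'" + v;
        }

        // RFC 4180 quoting: double every embedded quote and wrap the whole field,
        // so ',' ';' '"' and line breaks inside the value cannot start a new cell.
        return "\"" + v.replace("\"", "\"\"") + "\"";
    }

    // Joins already-sanitized fields; every field is quoted, so the separator is unambiguous.
    static String toCsvLine(List<String> fields) {
        return fields.stream()
                     .map(CsvFieldSanitizer::sanitizeField)
                     .collect(Collectors.joining(","));
    }

    public static void main(String[] args) {
        // Constructed sample values, including the input from the review comment.
        List<String> row = List.of(
                "policy-1",
                "=TEST()",
                "\"John\", \"=TEST()\"",
                "a;b,c",
                "-2+3");
        System.out.println(toCsvLine(row));
    }
}
```

With every field quoted and embedded quotes doubled, the value `"John", "=TEST()"` is written as one field, so a conforming CSV parser does not see `=TEST()` at the start of a cell.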