Update the default value for InjectionCharacters and InjectionEscapeCharacter

Open chucklu opened this issue 4 years ago • 1 comments

Is your feature request related to a problem? Please describe.
CSV injection attack: we need to update the default value of InjectionCharacters and InjectionEscapeCharacter in JoshClose\CsvHelper\src\CsvHelper\Configuration\CsvConfiguration.cs

Describe the solution you'd like

    public virtual char[] InjectionCharacters { get; set; } = new[] { '=', '@', '+', '-', '\t', '\r' };
    public virtual char InjectionEscapeCharacter { get; set; } = '\'';

Additional context
The following two characters can also be used as injection characters:
Tab (0x09)
Carriage return (0x0D)

chucklu, Sep 09 '21 03:09
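The effect of the character set requested above, as an added example that is not part of the original issue and is not CsvHelper's own code: a stand-alone escaper run once without tab and carriage return in the set and once with the proposed set. The names CsvInjectionGuard, Escape and Show are hypothetical and the sample field values are constructed.

```csharp
using System;
using System.Linq;

// Added illustration: CsvInjectionGuard, Escape and Show are hypothetical names,
// not CsvHelper APIs.
public static class CsvInjectionGuard
{
    // Character set without the two additions from the issue.
    static readonly char[] WithoutTabAndCr = { '=', '@', '+', '-' };
    // Character set proposed in the issue: adds tab (0x09) and carriage return (0x0D).
    static readonly char[] Proposed = { '=', '@', '+', '-', '\t', '\r' };
    // Escape character proposed in the issue.
    const char EscapeCharacter = '\'';

    // Prefix the escape character when the field starts with a listed character,
    // so a spreadsheet application reads the cell as text.
    public static string Escape(string field, char[] injectionCharacters)
    {
        if (string.IsNullOrEmpty(field)) return field;
        return injectionCharacters.Contains(field[0]) ? EscapeCharacter + field : field;
    }

    // Make control characters visible in console output.
    static string Show(string s) => s.Replace("\t", "\\t").Replace("\r", "\\r");

    public static void Main()
    {
        // Constructed sample field values.
        string[] samples = { "=1+1", "\t=1+1", "\r=1+1", "@name", "-5", "plain text" };
        Console.WriteLine($"{"input",-12} | {"without",-12} | proposed");
        foreach (var s in samples)
        {
            var before = Show(Escape(s, WithoutTabAndCr));
            var after = Show(Escape(s, Proposed));
            Console.WriteLine($"{Show(s),-12} | {before,-12} | {after}");
        }
    }
}
```

The rows for the tab-prefixed and carriage-return-prefixed values come back unchanged in the "without" column and escaped in the "proposed" column.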

I made the proposed changes, but I'm not sure about that commit - https://github.com/KonH/CsvHelper/commit/4e76b5d8ebc4e0a696644d8c8b811a6fd86a05d4
@chucklu Could you please review it?

KonH, Oct 03 '21 06:10

Fixed in next release.

JoshClose, Oct 04 '22 21:10