Hi guys, thanks for your reply.
Maybe I'm misinterpreting something but I thought that it could be made possible to configure CSVFormat-object when writing the CSV data in a way that any data with possibly corrupting values (as shown on the OWASP page) will mask the whole contents of the cell. Thus a library such as commons-csv would be able to lower the risk for CSV injection and not every client/customer would have to manually create this protecting logic. To my mind it's a simple parser for "dangerous" tokens that quotes the given data with additional " .... as we do not need to write functioning Excel formulas into CSV. WDYT? Cheers, Phil Am 10.11.21 um 20:53 schrieb Gary Gregory: > I agree with Matt. CSV is just a container, it doesn't know or care what > the concept of a "formula" is. > > Gary
OpenPGP_signature
Description: OpenPGP digital signature