I am using workBook = WorkbookFactory.create(fis); to read excel files. I found something strange, I opened the file with notepad++ and added some text at the end of the file and tampered it. The WorkbookFactory.create(fis) still works and opens the file!!! I have attached a sample file.
Is this some built-in feature which fixes this file. I am adding screenshot of the file which I change in notepad++ --------------------- The source of the problem is that I get the excel file from the users via upload and pass this file to WorkbookFactory. I thought that the WorkbookFactory checks the file validity and I was not worried about a hacker who tries to add some code or script and send it to me via excel.
Sample-email.xlsx
Description: MS-Excel 2007 spreadsheet
--------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@poi.apache.org For additional commands, e-mail: dev-h...@poi.apache.org
