benjreinhart opened a new issue #13734: URL: https://github.com/apache/superset/issues/13734
### Expected results Certain values in a CSV should be escaped so they are not evaluated as commands or calculations. For example, if the value begins with `@`, `+`, `-`, `=`, `|`, or `%` then it should be preceded by a single quote. Pipes should be escaped with a backslash as well. ### Actual results Data is downloaded as is without the special characters being escaped. #### Screenshots If applicable, add screenshots to help explain your problem. #### How to reproduce the bug 1. Upload some data with values that start with one of the characters listed above (can do this via 'Upload a CSV' tab in the Data tab) 1. Go to SQL Lab or the Explore UI 1. When viewing results from a query 1. Click on download as CSV option 1. See that the downloaded data is not properly escaped ### Environment - superset version: latest master ### Checklist Make sure to follow these steps before submitting your issue - thank you! - [X] I have checked the superset logs for python stacktraces and included it here as text if there are any. - [X] I have reproduced the issue with at least the latest released version of superset. - [X] I have checked the issue tracker for the same issue and I haven't found one similar. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
