Writing
+Injection Warning
+When opening a CSV in an external program, a formula in a field could be ran that contains a vulnerability.
+Read more here: CSV Injection.
+Due to this issue, there is a setting InjectionOptions that can be configured.
The list of injection characters to detect are configurable in CsvConfiguration.InjectionCharacters
+and default to =, @, +, -, \t, \r. An injection character can be the first character of a field
+or quoted field. i.e. =foo or "=foo"
The InjectionOptions values are None (default), Escape, Strip, and Exception.
None
+No injection protection is taken.
+Exception
+If an injection character is detected, a CsvWriterException is thrown.
Strip
+All injection characters at the start of a field will be removed. ===foo will be stripped to foo.
Escape
+If an injection character is detected, the field will be prepended with the InjectionEscapeCharacter
+that defaults to '. The field will be quoted if it is not already.
=one -> "'=one"
"=one" -> "'=one"
=one"two -> "'=one""two"
This option is disabled by default because the primary goal if this library is to read and write CSV
+files. If you are storing user entered data that you haven't sanitized yourself and you're letting
+it be accessed by people that may open in Excel/Sheets/etc, you might consider enabling this feature.
+The InjectionEscapeCharacter is not removed when reading.
When writing, you can throw an enumerable of class objects, dynamic objects, anonymous type objects, or pretty much +anything else, and it will get written.
+| Topics | ++ |
|---|---|
| Write Class Objects | ++ |
| Write Dynamic Objects | ++ |
| Write Anonymous Type Objects | ++ |
| Appending to an Existing File | ++ |