From 2a1cd4fda8a4a8e649910d16b4dfa1ce7ae63543 Mon Sep 17 00:00:00 2001 From: chai <215380520@qq.com> Date: Fri, 12 May 2023 09:24:40 +0800 Subject: *misc --- .../input/examples/writing/index.md | 51 ++++++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 ThirdParty/CsvHelper-master/src/CsvHelper.Website/input/examples/writing/index.md (limited to 'ThirdParty/CsvHelper-master/src/CsvHelper.Website/input/examples/writing/index.md') diff --git a/ThirdParty/CsvHelper-master/src/CsvHelper.Website/input/examples/writing/index.md b/ThirdParty/CsvHelper-master/src/CsvHelper.Website/input/examples/writing/index.md new file mode 100644 index 0000000..d019dd6 --- /dev/null +++ b/ThirdParty/CsvHelper-master/src/CsvHelper.Website/input/examples/writing/index.md @@ -0,0 +1,51 @@ +# Writing + +

Injection Warning

+ +When opening a CSV in an external program, a formula in a field could be ran that contains a vulnerability. +Read more here: [CSV Injection](https://owasp.org/www-community/attacks/CSV_Injection). +Due to this issue, there is a setting `InjectionOptions` that can be configured. + +The list of injection characters to detect are configurable in `CsvConfiguration.InjectionCharacters` +and default to `=`, `@`, `+`, `-`, `\t`, `\r`. An injection character can be the first character of a field +or quoted field. i.e. `=foo` or `"=foo"` + +The `InjectionOptions` values are `None` (default), `Escape`, `Strip`, and `Exception`. + +###### None + +No injection protection is taken. + +###### Exception + +If an injection character is detected, a `CsvWriterException` is thrown. + +###### Strip + +All injection characters at the start of a field will be removed. `===foo` will be stripped to `foo`. + +###### Escape + +If an injection character is detected, the field will be prepended with the `InjectionEscapeCharacter` +that defaults to `'`. The field will be quoted if it is not already. + +`=one` -> `"'=one"` + +`"=one"` -> `"'=one"` + +`=one"two` -> `"'=one""two"` + +This option is disabled by default because the primary goal if this library is to read and write CSV +files. If you are storing user entered data that you haven't sanitized yourself and you're letting +it be accessed by people that may open in Excel/Sheets/etc, you might consider enabling this feature. +The `InjectionEscapeCharacter` is not removed when reading. + +When writing, you can throw an enumerable of class objects, dynamic objects, anonymous type objects, or pretty much +anything else, and it will get written. 
+ +Topics |   +- | - +[Write Class Objects](~/examples/writing/write-class-objects) | +[Write Dynamic Objects](~/examples/writing/write-dynamic-objects) | +[Write Anonymous Type Objects](~/examples/writing/write-anonymous-type-objects) | +[Appending to an Existing File](~/examples/writing/appending-to-an-existing-file) | -- cgit v1.1-26-g67d0
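Review bot: In the Injection Warning section, the closing paragraph ("This option is disabled by default ...") leaves the safe choice to the reader while the text above it lists `None` as the default, so anything that writes user-entered data through this vendored copy gets no formula-injection handling unless `InjectionOptions` is set explicitly. I would say that outright under the `None` heading instead of "you might consider enabling this feature", and add the data-integrity cost of each alternative. Going by the description here, `Strip` removes every leading injection character and the default list includes `-` and `+`, so a field such as `-5` would be written as `5`. `Escape` prepends `'`, and that character "is not removed when reading", so escaped files do not round-trip unchanged. Two wording fixes in the same section: "could be ran" should be "could be run", and "the primary goal if this library" should be "of this library". The subject `*misc` also gives no hint that the commit adds a third-party documentation file under ThirdParty/CsvHelper-master; a subject naming CsvHelper would make the change easier to find later.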