FastGPT/packages/service/common/file/csv.ts
heheer b6a258d494 fix vulnerability (#5098)
* safe

* add get cookie

* fix

* fix

* fix
2025-06-27 14:35:38 +08:00


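/**
 * Escapes a single CSV cell so it can be emitted safely into a CSV document.
 *
 * Two separate concerns are handled:
 * 1. Formula (CSV) injection: spreadsheet applications treat a cell that
 *    starts with `=`, `+`, `-`, `@` or `|` as a formula or external command.
 *    They also skip leading spaces, tabs and carriage returns before looking
 *    for those characters, so the trigger check ignores that leading
 *    whitespace. A triggering cell is prefixed with a single quote, which
 *    spreadsheets interpret as a "treat as literal text" marker.
 * 2. RFC 4180 quoting: a cell containing a comma, a double quote, LF or CR is
 *    wrapped in double quotes and any embedded double quote is doubled.
 *
 * @param field - The raw cell value. `null`/`undefined` become an empty
 *   string; any other value is converted with `String()`.
 * @returns The escaped cell text, ready to be joined with `,`.
 */
export const sanitizeCsvField = (field: unknown): string => {
  // `== null` deliberately matches both null and undefined.
  if (field == null) return '';
  let fieldStr = String(field);

  // Leading whitespace must not hide a formula trigger character, because
  // spreadsheet parsers strip it before deciding whether the cell is a formula.
  if (/^[\t\r ]*[=+\-@|]/.test(fieldStr)) {
    fieldStr = `'${fieldStr}`;
  }

  // Any field delimiter, quote or line break inside the value forces quoting.
  const needsQuoting =
    fieldStr.includes(',') ||
    fieldStr.includes('"') ||
    fieldStr.includes('\n') ||
    fieldStr.includes('\r');
  if (needsQuoting) {
    fieldStr = `"${fieldStr.replace(/"/g, '""')}"`;
  }
  return fieldStr;
};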
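/**
 * Builds a CSV document from a header row and a matrix of cell values.
 *
 * Every header and every cell is passed through {@link sanitizeCsvField}, so
 * formula trigger characters are neutralised and commas, quotes and line
 * breaks are escaped before the rows are assembled. Cells are joined with `,`
 * and rows with `\n`; there is no trailing newline. Row lengths are not
 * validated against the header count — ragged rows are emitted as given.
 *
 * @param headers - Column titles for the first row.
 * @param data - One array of cell values per data row.
 * @returns The complete CSV text.
 */
export const generateCsv = (headers: string[], data: string[][]): string => {
  const headerLine = headers.map((header) => sanitizeCsvField(header)).join(',');
  const dataLines = data.map((row) => row.map((cell) => sanitizeCsvField(cell)).join(','));
  return [headerLine, ...dataLines].join('\n');
};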