Ghost/ghost/members-csv/test
Daniel Lockyer de668e7950 🔒 Added escaping to member export CSV fields
fix https://linear.app/tryghost/issue/ENG-805/
refs https://owasp.org/www-community/attacks/CSV_Injection

- it's possible for certain fields in a member CSV export to be executed
  by software that opens the CSVs
- we can protect against this for the user by escaping any forumulae in
  the CSV fields
- papaparse provides this option natively, so it's just a case of
  providing the field to the unparse method
- credits to Harvey Spec (phulelouch) for reporting
2024-04-03 10:21:02 +02:00
..
fixtures 🐛 Handled BOM character for Unicode encoded file uploads (#17104) 2023-06-23 08:31:16 +02:00
.eslintrc.js Removed trailing commas from .eslintrc.js 2021-07-14 12:04:46 +01:00
parse.test.js 🐛 Handled BOM character for Unicode encoded file uploads (#17104) 2023-06-23 08:31:16 +02:00
unparse.test.js 🔒 Added escaping to member export CSV fields 2024-04-03 10:21:02 +02:00