| author | johnnyshields <[email protected]> | 2023-03-31 04:40:41 +0900 |
|---|---|---|
| committer | johnnyshields <[email protected]> | 2023-03-31 04:40:41 +0900 |
| commit | 0746815b75296bcf65d49a66f0dca1427ac65f3e (patch) | |
| tree | db99ace871993f5fa1bd80821527ab252a277d53 /README.md | |
| parent | c5ddbe7cd9bb15e8b247e6b5a5e359d02dd5b9fe (diff) | |
| download | caxlsx-0746815b75296bcf65d49a66f0dca1427ac65f3e.tar.gz caxlsx-0746815b75296bcf65d49a66f0dca1427ac65f3e.zip | |
Add settings for escape_formulas at global, workbook, worksheet, row and cell levels.
Diffstat (limited to 'README.md')
| -rw-r--r-- | README.md | 20 |
1 files changed, 20 insertions, 0 deletions
@@ -119,6 +119,26 @@ Currently the following additional gems are available: - [activeadmin-caxlsx](https://github.com/caxlsx/activeadmin-caxlsx) * An Active Admin plugin that includes DSL to create downloadable reports. +## Security + +To prevent [Formula Injection](https://www.owasp.org/index.php/CSV_Injection) vulnerabilities, set the following in an initializer: + +```ruby +Axlsx.escape_formulas = true +``` + +Then, set the following on each cell you'd like to add a formula: + +```ruby +cell.escape_formulas = true +``` + +Refer to examples/escape_formula.md for how to set `escape_formulas` on the workbook, worksheet, row and/or cell level. + +**Important:** The global setting `Axlsx.escape_formulas = true` will become the default in the next major release (Axlsx 4.0). +If you do not wish to set `Axlsx.escape_formulas = true` now, at a minimum, please set `Axlsx.escape_formulas = false` to +ensure continuity when upgrading. + ## Known Software Interoperability Issues As axslx implements the Office Open XML (ECMA-376 spec) much of the |
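Review bot: In the second code block of the new Security section, `cell.escape_formulas = true` follows the sentence "set the following on each cell you'd like to add a formula", which reads as inverted. The preceding step already sets `Axlsx.escape_formulas = true` globally to prevent formula injection, so repeating `true` on a cell changes nothing, and a reader who wants a working formula in that cell is given no instruction for it. If the per-cell setting is meant as the opt-out for trusted formulas, this should be `cell.escape_formulas = false`, with a sentence saying to do so only for cells whose content is not user-controlled. The reference to examples/escape_formula.md would also be easier to follow as a Markdown link, like the Formula Injection link earlier in the section.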
