authorjohnnyshields <[email protected]>2023-03-31 04:40:41 +0900
committerjohnnyshields <[email protected]>2023-03-31 04:40:41 +0900
commit0746815b75296bcf65d49a66f0dca1427ac65f3e (patch)
treedb99ace871993f5fa1bd80821527ab252a277d53 /lib/axlsx.rb
parentc5ddbe7cd9bb15e8b247e6b5a5e359d02dd5b9fe (diff)
Add settings for escape_formulas at global, workbook, worksheet, row and cell levels.
Diffstat (limited to 'lib/axlsx.rb')
-rw-r--r--lib/axlsx.rb15
1 files changed, 15 insertions, 0 deletions
diff --git a/lib/axlsx.rb b/lib/axlsx.rb
index 23082b71..c3532b72 100644
--- a/lib/axlsx.rb
+++ b/lib/axlsx.rb
@@ -201,4 +201,19 @@ module Axlsx
def self.trust_input=(trust_me)
@trust_input = trust_me
end
+
+ # Whether to treat values starting with an equals sign as formulas or as literal strings.
+ # Allowing user-generated data to be interpreted as formulas is a security risk.
+ # See https://www.owasp.org/index.php/CSV_Injection for details.
+ # @return [Boolean]
+ def self.escape_formulas
+ @escape_formulas || false
+ end
+
+ # Sets whether to treat values starting with an equals sign as formulas or as literal strings.
+ # @param [Boolean] value The value to set.
+ def self.escape_formulas=(value)
+ Axlsx.validate_boolean(value)
+ @escape_formulas = value
+ end
end
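Review bot: The comment above `self.escape_formulas` does not say which value is the safe one or that the default is `false`, so a reader cannot tell that escaping is opt-in and that values beginning with `=` are still written as formulas until a caller enables it. I would reword the first line to `# When true, values starting with an equals sign are written as literal strings instead of formulas. Defaults to false.` and keep the security sentence and the OWASP reference under it. The setter stores whatever `Axlsx.validate_boolean` lets through; that validator is outside this hunk, but if it accepts forms such as `0` or `"false"`, those are truthy in Ruby and would read back as enabled, so normalising to a strict `true`/`false` before the assignment is worth considering. The enclosing `module Axlsx` starts outside the hunk.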