path: root/lib/axlsx/workbook/worksheet/worksheet.rb
authorjohnnyshields <[email protected]>2023-03-31 04:40:41 +0900
committerjohnnyshields <[email protected]>2023-03-31 04:40:41 +0900
commit0746815b75296bcf65d49a66f0dca1427ac65f3e (patch)
treedb99ace871993f5fa1bd80821527ab252a277d53 /lib/axlsx/workbook/worksheet/worksheet.rb
parentc5ddbe7cd9bb15e8b247e6b5a5e359d02dd5b9fe (diff)
Add settings for escape_formulas at global, workbook, worksheet, row and cell levels.
Diffstat (limited to 'lib/axlsx/workbook/worksheet/worksheet.rb')
-rw-r--r--lib/axlsx/workbook/worksheet/worksheet.rb21
1 files changed, 19 insertions, 2 deletions
diff --git a/lib/axlsx/workbook/worksheet/worksheet.rb b/lib/axlsx/workbook/worksheet/worksheet.rb
index dca483dc..f50e6b94 100644
--- a/lib/axlsx/workbook/worksheet/worksheet.rb
+++ b/lib/axlsx/workbook/worksheet/worksheet.rb
@@ -16,12 +16,15 @@ module Axlsx
# @option options [Hash] page_margins A hash containing page margins for this worksheet. @see PageMargins
# @option options [Hash] print_options A hash containing print options for this worksheet. @see PrintOptions
# @option options [Hash] header_footer A hash containing header/footer options for this worksheet. @see HeaderFooter
- # @option options [Boolean] show_gridlines indicates if gridlines should be shown for this sheet.
+ # @option options [Boolean] show_gridlines Whether gridlines should be shown for this sheet.
+ # @option options [Boolean] escape_formulas Whether formulas should be escaped by default. Can be overridden at a
+ # row/cell level.
def initialize(wb, options={})
self.workbook = wb
@sheet_protection = nil
initialize_page_options(options)
parse_options options
+ self.escape_formulas = wb.escape_formulas if @escape_formulas.nil?
@workbook.worksheets << self
@sheet_id = index + 1
yield self if block_given?
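Review bot: The new `@option` documentation for `escape_formulas` does not mention that the worksheet inherits the workbook's setting when the option is omitted, which is exactly what the added line after `parse_options` does, so a reader of the docstring cannot tell where the default comes from. I would extend the tag to `# @option options [Boolean] escape_formulas Whether formulas should be escaped by default. Defaults to the workbook's escape_formulas setting; can be overridden at a row/cell level.` Note that passing `escape_formulas: nil` explicitly is indistinguishable from omitting it, since the fallback keys on `@escape_formulas.nil?`; that seems intended but is worth a word in the doc. The body of `initialize` continues past the end of this hunk.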
@@ -46,6 +49,20 @@ module Axlsx
@name ||= "Sheet" + (index+1).to_s
end
+ # Whether to treat values starting with an equals sign as formulas or as literal strings.
+ # Allowing user-generated data to be interpreted as formulas is a security risk.
+ # See https://www.owasp.org/index.php/CSV_Injection for details.
+ # @return [Boolean]
+ attr_reader :escape_formulas
+
+ # Sets whether to treat values starting with an equals sign as formulas or as literal strings.
+ # @param [Boolean] value The value to set.
+ # @return [Boolean]
+ def escape_formulas=(value)
+ Axlsx.validate_boolean(value)
+ @escape_formulas = value
+ end
+
# Specifies the visible state of this sheet. Allowed states are
# :visible, :hidden or :very_hidden. The default value is :visible.
#
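Review bot: The comment on the new `escape_formulas` reader explains the risk but not which boolean value selects which behavior, so a caller cannot tell from the docs whether `true` means "escape" or "interpret as formula". Presumably, from the attribute name, `true` writes values beginning with `=` as literal strings and `false` lets them be interpreted as formulas; I would state that explicitly, e.g. `# When true, values starting with an equals sign are written as literal strings; when false they are interpreted as formulas.` The setter's `@return [Boolean]` tag is harmless but misleading, since Ruby assignment always evaluates to the right-hand side regardless of what the method returns, and could be dropped.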
@@ -413,6 +430,7 @@ module Axlsx
# Allowing user generated data to be interpreted as formulas can be dangerous
# (see https://www.owasp.org/index.php/CSV_Injection for details).
def add_row(values=[], options={})
+ options[:escape_formulas] = escape_formulas if options[:escape_formulas].nil?
row = Row.new(self, values, options)
update_column_info row, options.delete(:widths)
yield row if block_given?
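Review bot: The added line in `add_row` writes the sheet default into the caller's `options` hash, so a caller that reuses one hash across several `add_row` calls, or across worksheets with different `escape_formulas` settings, will carry the first sheet's value into later calls and silently bypass the other sheets' defaults. A non-mutating form avoids this: `options = options.merge(escape_formulas: escape_formulas) if options[:escape_formulas].nil?`. The existing `options.delete(:widths)` on the following line already mutates the hash, so this may be an accepted pattern in the file, but the security-relevant flag is the one where a stale value is hardest to notice. `add_row`'s body continues beyond the end of this hunk.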
@@ -835,6 +853,5 @@ module Axlsx
return if !auto_filter.range
workbook.add_defined_name auto_filter.defined_name, name: '_xlnm._FilterDatabase', local_sheet_id: index, hidden: 1
end
-
end
end