From 0746815b75296bcf65d49a66f0dca1427ac65f3e Mon Sep 17 00:00:00 2001 From: johnnyshields Date: Fri, 31 Mar 2023 04:40:41 +0900 Subject: Add settings for escape_formulas at global, workbook, worksheet, row and cell levels. --- README.md | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) (limited to 'README.md') diff --git a/README.md b/README.md index 697b71d7..2c1076c5 100644 --- a/README.md +++ b/README.md @@ -119,6 +119,26 @@ Currently the following additional gems are available: - [activeadmin-caxlsx](https://github.com/caxlsx/activeadmin-caxlsx) * An Active Admin plugin that includes DSL to create downloadable reports. +## Security + +To prevent [Formula Injection](https://www.owasp.org/index.php/CSV_Injection) vulnerabilities, set the following in an initializer: + +```ruby +Axlsx.escape_formulas = true +``` + +Then, set the following on each cell you'd like to add a formula: + +```ruby +cell.escape_formulas = true +``` + +Refer to examples/escape_formula.md for how to set `escape_formulas` on the workbook, worksheet, row and/or cell level. + +**Important:** The global setting `Axlsx.escape_formulas = true` will become the default in the next major release (Axlsx 4.0). +If you do not wish to set `Axlsx.escape_formulas = true` now, at a minimum, please set `Axlsx.escape_formulas = false` to +ensure continuity when upgrading. + ## Known Software Interoperability Issues As axslx implements the Office Open XML (ECMA-376 spec) much of the -- cgit v1.2.3
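Review bot: the per-cell instruction in the README hunk reads inverted. After the global `Axlsx.escape_formulas = true`, a cell that should stay a live formula is exactly the one that must not be escaped, so "Then, set the following on each cell you'd like to add a formula:" followed by `cell.escape_formulas = true` tells the reader to escape the formulas they want to keep. Suggest rewording to "set `escape_formulas = false` on each cell that should remain a formula" (or, if the intended workflow is global off with per-cell opt-in escaping, state that explicitly), because as written the paragraph contradicts the global setting it immediately follows. Two smaller points: the OWASP link `https://www.owasp.org/index.php/CSV_Injection` is the retired wiki address, and the current page is `https://owasp.org/www-community/attacks/CSV_Injection`; and the pointer to `examples/escape_formula.md` cannot be verified from this view (the diff is limited to README.md), so please confirm that file ships in the same commit rather than leaving the README pointing at a missing example.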