Csv-sanitize

A tiny npm package (5.0 kB) that provides a function to sanitize CSV files to prevent CSV Injection attacks as per the recommendations of the Open Web Application Security Project (OWASP).

Ideally you'll use a csv parser (eg papaparse) and this package is just an extra layer of sanitization to prevent the following:

This package its means to prevent aginst:

Cells begining with:

Equals to (=)
Plus (+)
Minus (-)
At (@)
Tab (0x09)
Carriage return (0x0D)

Remove any possible parentheses,
Remove the field separator (eg ',' or ';') and quotation marks (eg ' or "), as a possible starting point for a new hidden cell.

Installation

npm install csv-sanitize

yarn add csv-sanitize

Usage

import { sanitizeCsv } from 'csv-sanitizer';

const originalCsv = `name,email,phone
John Doe,john@example.com,123-456-7890
Jane Doe,jane@example.com,987-654-3210`;

const sanitizedCsv = sanitizeCsv(originalCsv);

console.log(sanitizedCsv);
// Output:
// "name","email","phone"
// "'John Doe","john@example.com","123-456-7890"
// "'Jane Doe","jane@example.com","987-654-3210"

References

OWASP CSV Injection

csv-sanitize

Csv-sanitize

Installation

Usage

References

Readme

Keywords

Package Sidebar

Install

Repository

Homepage

Weekly Downloads

Version

License

Unpacked Size

Total Files

Last publish

Collaborators

csv-sanitize

Csv-sanitize

Installation

Usage

References

Readme

Keywords

Package Sidebar

Install

Repository

Homepage

DownloadsWeekly Downloads

Version

License

Unpacked Size

Total Files

Last publish

Collaborators

Weekly Downloads