A tiny npm package (5.0 kB) that provides a function to sanitize CSV files to prevent CSV Injection attacks, following the recommendations of the Open Web Application Security Project (OWASP).
Ideally you'll use a CSV parser (e.g. papaparse); this package is just an extra layer of sanitization. It is meant to protect against:

- Cells beginning with:
  - Equals (=)
  - Plus (+)
  - Minus (-)
  - At (@)
  - Tab (0x09)
  - Carriage return (0x0D)
- Parentheses: any parentheses are removed.
- The field separator (e.g. `,` or `;`) and quotation marks (e.g. `'` or `"`) are removed, since they are a possible starting point for a new hidden cell.
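The following is an added example, not the csv-sanitize package's own code, showing how the rules above translate into a minimal cell sanitizer: strip parentheses, strip the separator and both quote characters, then prefix a single quote when the first remaining character is one of the formula triggers. The function names, the `separator` parameter and the sample input are my own constructions.

```javascript
// Added example: a minimal sanitizer applying the OWASP CSV Injection rules
// described above. Not the csv-sanitize package's implementation; names and
// the `separator` parameter are assumptions for illustration.

// Leading characters that make a spreadsheet treat the cell as a formula.
const FORMULA_TRIGGERS = new Set(['=', '+', '-', '@', '\t', '\r']);

// Sanitize one cell, in this order:
//   1. drop parentheses, so no function call can survive in the cell,
//   2. drop the field separator and both quote characters, so the value
//      cannot break out into a new (hidden) cell,
//   3. prefix a single quote when the first remaining character is a
//      formula trigger, so the spreadsheet stores the cell as text.
function sanitizeCell(value, separator = ',') {
  const stripped = new Set(['(', ')', '"', "'", separator]);
  let cell = Array.from(String(value ?? ''))
    .filter((ch) => !stripped.has(ch))
    .join('');
  if (cell.length > 0 && FORMULA_TRIGGERS.has(cell[0])) {
    cell = "'" + cell;
  }
  return cell;
}

// Sanitize a whole CSV text and double-quote every cell. Rows and cells are
// split naively on newline and separator, which is enough for unquoted input
// like the usage example; CSV with quoted fields should go through a real
// parser (e.g. papaparse) first, with sanitizeCell applied per parsed cell.
function sanitizeCsvText(text, separator = ',') {
  return text
    .split(/\r?\n/)
    .map((row) =>
      row
        .split(separator)
        .map((cell) => '"' + sanitizeCell(cell, separator) + '"')
        .join(separator),
    )
    .join('\n');
}

// Constructed sample input (not from the package): the last row holds values
// a spreadsheet would otherwise interpret as formulas or numbers.
const SAMPLE = 'name,amount\nAlice,10\n=1+1,-5';

console.log(sanitizeCsvText(SAMPLE));
// "name","amount"
// "Alice","10"
// "'=1+1","'-5"
```

Note the cost of the "Minus" rule: a plain negative number such as `-5` is also prefixed and becomes text in the spreadsheet. If your data legitimately contains negative numbers, decide per column whether that trade-off is acceptable.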
```sh
npm install csv-sanitize
```

```sh
yarn add csv-sanitize
```
```js
import { sanitizeCsv } from 'csv-sanitizer';

const originalCsv = `name,email,phone
John Doe,john@example.com,123-456-7890
Jane Doe,jane@example.com,987-654-3210`;

const sanitizedCsv = sanitizeCsv(originalCsv);
console.log(sanitizedCsv);

// Output:
// "name","email","phone"
// "'John Doe","john@example.com","123-456-7890"
// "'Jane Doe","jane@example.com","987-654-3210"
```