Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[DataGrid] Escape formulas in CSV and Excel export #13115

Merged
merged 16 commits into from
May 20, 2024
Merged

[DataGrid] Escape formulas in CSV and Excel export #13115

merged 16 commits into from
May 20, 2024

Conversation

cherniavskii
Copy link
Member

@cherniavskii cherniavskii commented May 13, 2024
edited

Closes #11702

  • docs

@cherniavskii cherniavskii added the component: data grid This is the name of the generic UI component, not the React module! label May 13, 2024
@mui-bot
Copy link

mui-bot commented May 13, 2024
edited

Deploy preview: https://deploy-preview-13115--material-ui-x.netlify.app/

Updated pages:

Generated by 🚫 dangerJS against 5f2dec9

@cherniavskii cherniavskii added security Pull requests that address a security vulnerability feature: Export enhancement This is not a bug, nor a new feature labels May 16, 2024
@cherniavskii cherniavskii requested a review from a team May 16, 2024 18:05
cherniavskii
cherniavskii commented May 16, 2024
View reviewed changes
packages/x-data-grid/src/models/gridExport.ts Outdated
/**
* If `true`, the formulas in the cells will be escaped.
* It is recommended to set this to `true` for security reasons.
* @default false
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@mui/xgrid What do you think about making it true by default?
Technically, it's a breaking change, but it's also a security fix.
Any objections?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No objection, we should change it.

@cherniavskii cherniavskii marked this pull request as ready for review May 16, 2024 18:07
romgrk
romgrk reviewed May 17, 2024
View reviewed changes
packages/x-data-grid/src/models/gridExport.ts Outdated
* It is recommended to set this to `true` for security reasons.
* @default false
*/
escapeFormulae?: boolean;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

escapeFormulas? From what I can read online formulas seems to be the most popular plural for formula.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I followed the same naming that exceljs used:

mui-x/packages/x-data-grid-premium/src/hooks/features/export/serializer/excelSerializer.ts

Line 123 in 760ea7e

formulae: [

But I actually prefer escapeFormulas, I'll update 👍🏻

@cherniavskii cherniavskii merged commit 8515a27 into mui:master May 20, 2024
17 checks passed
@cherniavskii cherniavskii deleted the escape-fomulas branch May 20, 2024 09:41
cherniavskii added a commit to cherniavskii/mui-x that referenced this pull request May 20, 2024
@cherniavskii
[DataGrid] Escape formulas in CSV and Excel export (mui#13115)
5adf202
@cherniavskii cherniavskii mentioned this pull request May 20, 2024
Merged
cherniavskii added a commit that referenced this pull request May 22, 2024
@cherniavskii
[DataGrid] Escape formulas in CSV and Excel export (#13115) (#13190)
c9286cf
arthurbalduini pushed a commit to arthurbalduini/mui-x that referenced this pull request May 23, 2024
@cherniavskii
[DataGrid] Escape formulas in CSV and Excel export (mui#13115)
49f9bc4
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@flaviendelangle flaviendelangle flaviendelangle left review comments

@romgrk romgrk romgrk approved these changes

@michelengelen michelengelen michelengelen approved these changes

Assignees
No one assigned
Labels
component: data grid This is the name of the generic UI component, not the React module! enhancement This is not a bug, nor a new feature feature: Export security Pull requests that address a security vulnerability
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[data grid] Sanitize cells with formulas for CSV export used in Excel
5 participants
@cherniavskii @mui-bot @romgrk @flaviendelangle @michelengelen