horizon/horizon
Tatiana Ovchinnikova c6bba842af Sanitize data for CSV generation
CSV generation is not fully sanitized to prevent CSV injection.
According to https://owasp.org/www-community/attacks/CSV_Injection,
we have to use the following sanitization:
 - Wrap each cell field in double quotes
 - Prepend each cell field with a single quote
 - Escape every double quote using an additional double quote

The patch https://review.opendev.org/c/openstack/horizon/+/679161
takes care of the double quotes. This patch adds a single quote to
the cell fields beginning with specific characters, so their content
will be read by a spreadsheet editor as text, not a formula.

Closes-Bug: #2048106

Change-Id: I882fe376613ff1dc13a61f38b59d2a2567dbba7d
2024-03-25 12:08:00 -05:00
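The three sanitization steps the commit message lists, carried through as an added Python example; this is not Horizon's own code or its API. The function names and the constructed sample rows are this example's assumptions, and the set of formula-trigger characters is taken from the OWASP CSV Injection page the message links. Like the commit, it prefixes a single quote only on cells that begin with a trigger character, rather than on every cell.

```python
import csv
import io

# Leading characters that make spreadsheet applications evaluate a cell as a
# formula (list from the OWASP CSV Injection page linked in the commit message).
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def sanitize_cell(value):
    """Return one CSV field that a spreadsheet will read as text, not a formula.

    Hypothetical helper for this example (not Horizon's):
    - prepend a single quote when the value starts with a formula trigger,
    - escape every double quote by doubling it,
    - wrap the whole field in double quotes so separators inside it stay inert.
    """
    text = "" if value is None else str(value)
    if text.startswith(FORMULA_TRIGGERS):
        text = "'" + text
    return '"' + text.replace('"', '""') + '"'


def render_csv(rows):
    """Render rows (lists of cell values) as CSV with every field sanitized."""
    lines = [",".join(sanitize_cell(cell) for cell in row) for row in rows]
    return "\r\n".join(lines) + "\r\n"


def read_back(csv_text):
    """Parse CSV text with the standard library reader, to check the round trip."""
    # newline="" keeps the reader from mangling quoted fields or line endings.
    return list(csv.reader(io.StringIO(csv_text, newline="")))


if __name__ == "__main__":
    # Constructed sample export: the second row's values look like formulas.
    rows = [
        ["name", "note"],
        ["vm-01", "=1+1"],
        ["vm-02", 'size "large"'],
        ["vm-03", "-5"],
    ]
    output = render_csv(rows)
    print(output)
    # Each suspicious value reads back as text with a leading single quote.
    print(read_back(output))
```

The round trip through `csv.reader` is the check worth keeping: the cell that started with `=` comes back as the text `'=1+1`, and a value containing double quotes survives intact because the doubled quotes are unescaped by the parser.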
browsers Address RemovedInDjango40Warning (2) 2022-02-04 16:22:07 +09:00
conf Replace remaining usage of ugettext_lazy 2022-03-23 21:40:31 +09:00
contrib Rename zh-cn and zh-tw translations to zh-hans and zh-hant 2021-02-18 09:57:27 +09:00
forms Address RemovedInDjango40Warning (7) 2022-02-04 16:27:32 +09:00
hacking flake8: Ensure local check in hacking 2.0.0 2020-01-27 02:43:48 +09:00
locale Imported Translations from Zanata 2024-01-14 05:38:23 +00:00
management Merge "Rename zh-cn and zh-tw translations to zh-hans and zh-hant" 2021-03-04 08:08:14 +00:00
middleware Merge "Address RemovedInDjango40Warning (7)" 2022-03-12 22:02:49 +00:00
static Merge "Fix deprecated use of 'jQuery.fn.focus()' shorthand event" 2023-05-09 20:12:25 +00:00
tables Address RemovedInDjango40Warning (7) 2022-02-04 16:27:32 +09:00
tabs Address RemovedInDjango40Warning (7) 2022-02-04 16:27:32 +09:00
templates Add TOTP support 2023-08-18 12:02:25 +00:00
templatetags Make site_branding tag work with Django 4.0 2023-10-16 08:40:20 +00:00
test Remove workaround for old django-pyscss 2024-02-02 03:23:43 +09:00
utils Sanitize data for CSV generation 2024-03-25 12:08:00 -05:00
workflows Address RemovedInDjango40Warning (7) 2022-02-04 16:27:32 +09:00
__init__.py Revert "Enable to refresh ngdetails view" 2017-08-02 18:31:22 +00:00
base.py Address RemovedInDjango40Warning (3) 2022-02-04 16:26:54 +09:00
cache.py Fix django-compress caching issues 2020-06-15 17:33:16 +03:00
context_processors.py Remove extraneous vim configuration comments 2014-05-06 15:30:10 +08:00
decorators.py Address RemovedInDjango40Warning (2) 2022-02-04 16:22:07 +09:00
defaults.py Merge "Create Horizon session control logic" 2022-03-03 18:57:00 +00:00
exceptions.py Address RemovedInDjango40Warning (2) 2022-02-04 16:22:07 +09:00
karma.conf.js Add expectations to identity specs 2020-12-18 10:22:57 -06:00
loaders.py pylint: fix several coding convention violations 2019-01-17 00:05:27 +09:00
messages.py Address RemovedInDjango40Warning (7) 2022-02-04 16:27:32 +09:00
notifications.py Address RemovedInDjango40Warning (2) 2022-02-04 16:22:07 +09:00
site_urls.py Address RemovedInDjango40Warning (3) 2022-02-04 16:26:54 +09:00
themes.py Define default settings explicitly (horizon) 2019-09-12 15:05:56 +09:00
version.py Remove extraneous vim configuration comments 2014-05-06 15:30:10 +08:00
views.py Address RemovedInDjango40Warning (1) 2022-01-31 22:42:41 +09:00