CSV generation is not fully sanitized to prevent CSV injection.
According to https://owasp.org/www-community/attacks/CSV_Injection,
we have to use the following sanitization:

- Wrap each cell field in double quotes
- Prepend each cell field with a single quote
- Escape every double quote using an additional double quote

The patch https://review.opendev.org/c/openstack/horizon/+/679161
takes care of the double quotes. This patch adds a single quote to
the cell fields beginning with specific characters, so their content
will be read by a spreadsheet editor as text, not a formula.

Closes-Bug: #2048106
Change-Id: I882fe376613ff1dc13a61f38b59d2a2567dbba7d
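
The three sanitization steps listed in the commit message, shown as an added Python example (not the Horizon patch's code). The names `FORMULA_TRIGGERS`, `neutralize_cell` and `render_csv` are hypothetical, and the trigger set is assumed to be the one on the OWASP page, since the message only says "specific characters".

```python
import csv
import io

# Assumption: leading characters listed on the OWASP CSV Injection page
# (=, +, -, @, tab, carriage return). The Horizon patch may use another set.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def neutralize_cell(value):
    """Return the cell as text, prefixed with a single quote when a
    spreadsheet editor would otherwise evaluate it as a formula."""
    if value is None:
        return ""
    # Real numbers cannot carry a formula; leave them alone so that
    # negative values are not turned into text.
    if isinstance(value, (int, float)):
        return str(value)
    text = str(value)
    if text.startswith(FORMULA_TRIGGERS):
        return "'" + text
    return text


def render_csv(rows):
    """Render rows with every field wrapped in double quotes and every
    embedded double quote doubled (csv.QUOTE_ALL + doublequote)."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, doublequote=True,
                        lineterminator="\r\n")
    for row in rows:
        writer.writerow([neutralize_cell(cell) for cell in row])
    return buf.getvalue()


# Constructed sample rows: user-controlled names next to ordinary values.
SAMPLE_ROWS = [
    ["Project", "Description", "Delta"],
    ["=SUM(A1:A2)", 'say "hi"', -5],
    ["@team", "+1 reviewer", 12.5],
    ["project-a", "-pending", 0],
]

if __name__ == "__main__":
    print(render_csv(SAMPLE_ROWS), end="")
```
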