Skip to content

feat: update to IETF CSV++ spec draft-01 and add CSV injection prevention #2

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
osamingo merged 2 commits into from
Jan 28, 2026
Merged

feat: update to IETF CSV++ spec draft-01 and add CSV injection prevention #2

osamingo merged 2 commits into from
Jan 28, 2026

Conversation

@osamingo
Copy link
Owner

@osamingo osamingo commented Jan 28, 2026

Summary

  • Update spec reference from draft-mscaldas-csvpp-00 to draft-mscaldas-csvpp-01
  • Add HasFormulaPrefix function for CSV injection detection
  • Add documentation about CSV injection risks and mitigation

Changes

Spec Update

No implementation changes required - draft-01 only adds documentation and security guidance.

Security Feature

New HasFormulaPrefix(s string) bool function detects values starting with =, +, -, @ which spreadsheet applications may interpret as formulas.

if csvpp.HasFormulaPrefix(value) {
    value = "'" + value // Escape for spreadsheet safety
}

Test plan

  • All existing tests pass
  • New TestHasFormulaPrefix test added
  • gofumpt and gostyle checks pass

🤖 Generated with Claude Code

osamingo and others added 2 commits January 28, 2026 20:35
@osamingo @claude
docs: update IETF CSV++ spec reference to draft-01
01ba1fe 
- Update spec reference from draft-mscaldas-csvpp-00 to draft-mscaldas-csvpp-01
- No implementation changes required (only documentation/security guidance updates in spec)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@osamingo @claude
feat(csvpp): add HasFormulaPrefix for CSV injection prevention
df769aa 
- Add HasFormulaPrefix function to detect spreadsheet formula prefixes (=, +, -, @)
- Add documentation about CSV injection risks and mitigation
- Following IETF CSV++ draft-01 security guidance (Section 10.1)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@osamingo osamingo self-assigned this Jan 28, 2026
@osamingo osamingo marked this pull request as ready for review January 28, 2026 11:46
@osamingo osamingo merged commit 5a10bc4 into main Jan 28, 2026
3 checks passed
@osamingo osamingo deleted the feat/update-to-spec-01 branch January 28, 2026 11:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@osamingo osamingo

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@osamingo