Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Downloading as CSV should properly escape the values #13734

Closed
3 tasks done
benjreinhart opened this issue Mar 22, 2021 · 0 comments · Fixed by #13735
Closed
3 tasks done

Downloading as CSV should properly escape the values #13734

benjreinhart opened this issue Mar 22, 2021 · 0 comments · Fixed by #13735
Labels
data:csv Related to import/export of CSVs

Comments

@benjreinhart
Copy link
Contributor

benjreinhart commented Mar 22, 2021
edited
Loading

Expected results

Certain values in a CSV should be escaped so they are not evaluated as commands or calculations. For example, if the value begins with @, +, -, =, |, or % then it should be preceded by a single quote. Pipes should be escaped with a backslash as well.

Actual results

Data is downloaded as is without the special characters being escaped.

How to reproduce the bug

  1. Upload some data with values that start with one of the characters listed above (can do this via 'Upload a CSV' tab in the Data tab)
  2. Go to SQL Lab or the Explore UI
  3. When viewing results from a query
  4. Click on download as CSV option
  5. See that the downloaded data is not properly escaped

Environment

  • superset version: latest master

Checklist

Make sure to follow these steps before submitting your issue - thank you!

  • I have checked the superset logs for python stacktraces and included it here as text if there are any.
  • I have reproduced the issue with at least the latest released version of superset.
  • I have checked the issue tracker for the same issue and I haven't found one similar.
@benjreinhart benjreinhart added the #bug Bug report label Mar 22, 2021
@benjreinhart benjreinhart mentioned this issue Mar 22, 2021
Merged
6 tasks
@junlincc junlincc added data:csv Related to import/export of CSVs and removed #bug Bug report labels Mar 25, 2021
betodealmeida pushed a commit that referenced this issue Mar 26, 2021
@benjreinhart
fix(#13734): Properly escape special characters in CSV output (#13735)
55ba47e 
* fix: Escape csv content during downloads

* Reuse CsvResponse object

* Use correct mimetype for csv responses

* Ensure that headers are also escaped

* Update escaping logic
betodealmeida pushed a commit to betodealmeida/incubator-superset that referenced this issue Mar 26, 2021
@benjreinhart @betodealmeida
fix(apache#13734): Properly escape special characters in CSV output (a…
ed88c9b 
…pache#13735)

* fix: Escape csv content during downloads

* Reuse CsvResponse object

* Use correct mimetype for csv responses

* Ensure that headers are also escaped

* Update escaping logic
amitmiran137 pushed a commit that referenced this issue Mar 31, 2021
Merge branch 'master' into feat/dashboard_extra_jwt
51b9e71 
* master: (56 commits)
  test: Adds tests and storybook to CertifiedIcon component (#13457)
  chore: Moves CheckboxIcons to Checkbox folder (#13459)
  chore: Removes Popover duplication (#13462)
  build(deps): bump elliptic from 6.5.3 to 6.5.4 in /docs (#13527)
  fix: allow spaces in DB names (#13800)
  chore: Update PR template for SIP-59 DB migrations process (#13855)
  Add CODEOWNERS (#13759)
  feat(alerts & reports): Easier to read execution logs (#13752)
  fix: Disallows negative options remaining (#13749)
  Fix broken link (#13861)
  fix(native-filters): add global async query support to native filters (#13837)
  Displays row limit warning with Alert component (#13854)
  fix(errors): Downgrade error on stop query to a warning (#13826)
  fix(alerts and reports): Unify timestamp format on execution log view (#13718)
  fix(sqllab): warning message when rows limited (#13841)
  chore: add success log whenever a connection is working (#13811)
  fix(native-filters): improve loading styles for filter component (#13794)
  chore: update change log with cherry-picks for release 1.1 (#13824)
  feat: added support to configure the default explorer viz (#13610)
  fix(#13734): Properly escape special characters in CSV output  (#13735)
  ...
cccs-rc pushed a commit to CybercentreCanada/superset that referenced this issue Mar 6, 2024
@benjreinhart @betodealmeida
fix(apache#13734): Properly escape special characters in CSV output (a…
01e9758 
…pache#13735)

* fix: Escape csv content during downloads

* Reuse CsvResponse object

* Use correct mimetype for csv responses

* Ensure that headers are also escaped

* Update escaping logic
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
data:csv Related to import/export of CSVs
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(#13734): Properly escape special characters in CSV output preset-io/superset
2 participants
@benjreinhart @junlincc