module ActiveAdmin::Sanitizer

Prevents CSV Injection according to owasp.org/www-community/attacks/CSV_Injection

Constants

ATTACK_CHARACTERS

Public Instance Methods

require_sanitization?(value)
# File lib/active_admin/csv_builder.rb, line 140
def require_sanitization?(value)
  value.is_a?(String) && value.starts_with?(*ATTACK_CHARACTERS)
end
sanitize(value)
# File lib/active_admin/csv_builder.rb, line 134
def sanitize(value)
  return "'#{value}" if require_sanitization?(value)

  value
end
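
The following is an added example, not ActiveAdmin's own code: a stand-alone mirror of the two methods above applied to constructed export rows, showing which cells receive the `'` prefix and which pass through. The contents of `ATTACK_CHARACTERS` are not shown on this page, so the list below is an assumption taken from the OWASP CSV Injection page; `DemoSanitizer`, `csv_field`, `csv_line`, `ROWS` and `export` are hypothetical names.

```ruby
# Added example: stand-alone mirror of the sanitizer, not ActiveAdmin's code.
# ASSUMPTION: character list taken from the OWASP CSV Injection page; the
# value of ActiveAdmin's ATTACK_CHARACTERS is not shown on this page.
module DemoSanitizer
  ATTACK_CHARACTERS = ["=", "+", "-", "@", "\t", "\r"].freeze

  module_function

  def require_sanitization?(value)
    # start_with? is the plain-Ruby spelling of ActiveSupport's starts_with?
    value.is_a?(String) && value.start_with?(*ATTACK_CHARACTERS)
  end

  def sanitize(value)
    require_sanitization?(value) ? "'#{value}" : value
  end
end

# Minimal RFC 4180 field quoting so the example needs no CSV library.
def csv_field(value)
  text = value.to_s
  text.match?(/[",\r\n]/) ? %("#{text.gsub('"', '""')}") : text
end

# Sanitize every cell first, then encode the row (hypothetical helper).
def csv_line(row)
  row.map { |cell| csv_field(DemoSanitizer.sanitize(cell)) }.join(",")
end

# Constructed sample rows: user-supplied strings mixed with typed values.
ROWS = [
  ["Alice", "=1+1", 42],       # formula-like string gets the quote prefix
  ["Bob", "-5", -5],           # String "-5" is prefixed, Integer -5 is not
  ["Carol", "a=b", nil],       # listed character not in first position: unchanged
  ["Dave", "@handle, x", 1.5]  # prefixed first, then quoted for the comma
].freeze

def export
  ROWS.map { |row| csv_line(row) }
end

puts export
```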