mirror of https://github.com/gophish/gophish
Updated PapaParse config to prevent CSV injection.
I've updated the PapaParse JS library to the latest version from the master branch which supports the `escapeForumlae` option in order to prevent malicious event entries from being parsed and executed by the Gophish user's spreadsheet software. When a new PapaParse release is created, I'll update this code to use the updated minified file.pull/1914/head
parent
4e9b94b641
commit
b25f5ac5e4
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
@ -216,7 +216,9 @@ function exportAsCSV(scope) {
|
|||
return
|
||||
}
|
||||
$("#exportButton").html('<i class="fa fa-spinner fa-spin"></i>')
|
||||
var csvString = Papa.unparse(csvScope, {})
|
||||
var csvString = Papa.unparse(csvScope, {
|
||||
'escapeFormulae': true
|
||||
})
|
||||
var csvData = new Blob([csvString], {
|
||||
type: 'text/csv;charset=utf-8;'
|
||||
});
|
||||
|
|
File diff suppressed because one or more lines are too long
Loading…
Reference in New Issue