Menu

Snippets

Yet another programmer blogging about code

Comma-separated vulnerabilities

If you accept user input and then export it as CSV, please read this now! James Kettle very neatly explains how something as simple as a CSV export can be used to deliver exploits. I didn’t know about this before today; hat tip to Gravity Forms and, via them, Ninja Forms.