If you accept user input and then export it as CSV, please read this now! James Kettle very neatly explains how something as simple as a CSV export can be used to deliver exploits. I didn’t know about this before today; hat tip to Gravity Forms and, via them, Ninja Forms.