Merge pull request #704 from Patta/sanitize-frontend-output-export

einpraegsam · web-flow · commit 64efa12b9dcb · 2021-08-11T12:30:43.000+02:00
[TASK] Sanitize CSV and XLS frontend output export
diff --git a/Resources/Private/Templates/Output/ExportCsv.html b/Resources/Private/Templates/Output/ExportCsv.html
@@ -22,15 +22,17 @@
 
 					<f:if condition="{vh:condition.isArray(val: '{answer.value}')}">
 						<f:else>
-							"<vh:string.removeQuote>{answer.value}</vh:string.removeQuote>";
+							"<vh:string.removeQuote><vh:string.sanitizeCsvCell>{answer.value}</vh:string.sanitizeCsvCell></vh:string.removeQuote>";
 						</f:else>
 						<f:then>
 							"<vh:string.removeQuote>
-								<f:for each="{answer.value}" as="singleValue">
-									<f:if condition="{singleValue}">
-										{singleValue},
-									</f:if>
-								</f:for>
+                                <vh:string.sanitizeCsvCell>
+                                    <f:for each="{answer.value}" as="singleValue">
+                                        <f:if condition="{singleValue}">
+                                            {singleValue},
+                                        </f:if>
+                                    </f:for>
+                                </vh:string.sanitizeCsvCell>
 							</vh:string.removeQuote>";
 						</f:then>
 					</f:if>
diff --git a/Resources/Private/Templates/Output/ExportXls.html b/Resources/Private/Templates/Output/ExportXls.html
@@ -32,12 +32,12 @@
 										<f:then>
 											<f:for each="{answer.value}" as="singleValue">
 												<f:if condition="{singleValue}">
-													{singleValue},
+													<vh:string.sanitizeCsvCell>{singleValue}</vh:string.sanitizeCsvCell>,
 												</f:if>
 											</f:for>
 										</f:then>
 										<f:else>
-											{answer.value}
+											<vh:string.sanitizeCsvCell>{answer.value}</vh:string.sanitizeCsvCell>
 										</f:else>
 									</f:if>
 								</f:if>
