Fikirlər · 6 dəq oxu

CSV injection and formula hijacking: what viewers should avoid executing

Cells beginning with =, +, -, @ can trigger spreadsheet formulas, awareness for security teams and CSV tooling.

Dərc 21 mart 2025 · Table

When CSV opens in Excel or Sheets, a cell like =cmd|... can be interpreted as a formula. Pure viewers that do not execute formulas reduce that class of risk compared to full spreadsheet apps.

Defenses

Strip or prefix risky leading characters in untrusted feeds.
Open unknown files in a sandboxed viewer first.
Train finance users on "enable content" prompts.

CSV injection and formula hijacking: what viewers should avoid executing

Defenses

Çeviricilər

Baxıcılar və müqayisə

Excel iş axınları

Öyrən & məhsul

Color