UNPKG

handsontable

Version:

Handsontable is a JavaScript Data Grid available for React, Angular and Vue.

handsontable.com

handsontable/handsontable

144 lines (141 loc) 5.26 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
import "core-js/modules/es.error.cause.js"; import "core-js/modules/esnext.iterator.constructor.js"; import "core-js/modules/esnext.iterator.map.js"; function _classPrivateMethodInitSpec(e, a) { _checkPrivateRedeclaration(e, a), a.add(e); } function _checkPrivateRedeclaration(e, t) { if (t.has(e)) throw new TypeError("Cannot initialize the same private elements twice on an object"); } function _assertClassBrand(e, t, n) { if ("function" == typeof e ? e === t : e.has(t)) return arguments.length < 3 ? t : n; throw new TypeError("Private element is not present on this object"); } import { arrayEach, arrayMap } from "../../../helpers/array.mjs"; import { stringify } from "../../../helpers/mixed.mjs"; import BaseType from "./_base.mjs"; const CHAR_CARRIAGE_RETURN = String.fromCharCode(13); const CHAR_DOUBLE_QUOTES = String.fromCharCode(34); const CHAR_LINE_FEED = String.fromCharCode(10); const CHAR_EQUAL = String.fromCharCode(61); const CHAR_PLUS = String.fromCharCode(43); const CHAR_MINUS = String.fromCharCode(45); const CHAR_AT = String.fromCharCode(64); const CHAR_TAB = String.fromCharCode(9); /** * @private */ var _Csv_brand = /*#__PURE__*/new WeakSet(); class Csv extends BaseType { constructor() { super(...arguments); /** * Sanitize value that may be interpreted as a formula in spreadsheet software. * Following the OWASP recommendations: https://owasp.org/www-community/attacks/CSV_Injection. * * @param {string} value Cell value. * @returns {string} */ _classPrivateMethodInitSpec(this, _Csv_brand); } /** * Default options for exporting CSV format. * * @returns {object} */ static get DEFAULT_OPTIONS() { return { mimeType: 'text/csv', fileExtension: 'csv', bom: true, columnDelimiter: ',', rowDelimiter: '\r\n', sanitizeValues: false }; } /** * Create string body in desired format. * * @returns {string} */ export() { const options = this.options; const data = this.dataProvider.getData(); let columnHeaders = this.dataProvider.getColumnHeaders(); const hasColumnHeaders = columnHeaders.length > 0; const rowHeaders = this.dataProvider.getRowHeaders(); const hasRowHeaders = rowHeaders.length > 0; let result = options.bom ? String.fromCharCode(0xFEFF) : ''; if (hasColumnHeaders) { columnHeaders = arrayMap(columnHeaders, value => this._escapeCell(value, { force: true, sanitizeValue: options.sanitizeValues })); if (hasRowHeaders) { result += options.columnDelimiter; } result += columnHeaders.join(options.columnDelimiter); result += options.rowDelimiter; } arrayEach(data, (value, index) => { if (index > 0) { result += options.rowDelimiter; } if (hasRowHeaders) { result += this._escapeCell(rowHeaders[index], { sanitizeValue: options.sanitizeValues }); result += options.columnDelimiter; } const escapedValue = value.map(cellValue => this._escapeCell(cellValue, { sanitizeValue: options.sanitizeValues })).join(options.columnDelimiter); result += escapedValue; }); return result; } /** * Escape cell value. * * @param {*} value Cell value. * @param {object} options Options. * @param {boolean} [options.force=false] Indicates if cell value will be escaped forcefully. * @param {boolean|RegExp|Function} [options.sanitizeValue=false] Controls the sanitization of cell value. * @returns {string} */ _escapeCell(value) { let { force = false, sanitizeValue = false } = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {}; let returnValue = stringify(value); if (returnValue === '') { return returnValue; } if (sanitizeValue) { force = true; } if (sanitizeValue instanceof RegExp) { returnValue = _assertClassBrand(_Csv_brand, this, _sanitizeValueWithRegExp).call(this, returnValue, sanitizeValue); } else if (typeof sanitizeValue === 'function') { returnValue = sanitizeValue(returnValue); } else if (sanitizeValue) { returnValue = _assertClassBrand(_Csv_brand, this, _sanitizeValueWithOWASP).call(this, returnValue); } if (force || returnValue.indexOf(CHAR_CARRIAGE_RETURN) >= 0 || returnValue.indexOf(CHAR_DOUBLE_QUOTES) >= 0 || returnValue.indexOf(CHAR_LINE_FEED) >= 0 || returnValue.indexOf(this.options.columnDelimiter) >= 0) { returnValue = returnValue.replace(new RegExp('"', 'g'), '""'); returnValue = `"${returnValue}"`; } return returnValue; } } function _sanitizeValueWithOWASP(value) { if (value.startsWith(CHAR_EQUAL) || value.startsWith(CHAR_PLUS) || value.startsWith(CHAR_MINUS) || value.startsWith(CHAR_AT) || value.startsWith(CHAR_TAB) || value.startsWith(CHAR_CARRIAGE_RETURN)) { return `'${value}`; } return value; } /** * Sanitize value using regular expression. * * @param {string} value Cell value. * @param {RegExp} regexp Regular expression to test against. * @returns {string} */ function _sanitizeValueWithRegExp(value, regexp) { return regexp.test(value) ? `'${value}` : value; } export default Csv;