Class: StreamyCsv::InjectionSanitizer

Inherits:

Object

Object
StreamyCsv::InjectionSanitizer

Defined in:: lib/streamy_csv/injection_sanitizer.rb

Constant Summary collapse

PREFIXES_TO_ESCAPE =

%w(= @ + - |)

ESCAPE_CHAR =

"'"

Class Method Summary collapse

.sanitize_csv_row(row) ⇒ Object

Class Method Details

.sanitize_csv_row(row) ⇒ `Object`

# File 'lib/streamy_csv/injection_sanitizer.rb', line 6

def self.sanitize_csv_row(row)
  if row.is_a?(CSV::Row)
    sanitized_row = row.dup
    row.each do |title, value|
      if value.to_s.start_with?(*PREFIXES_TO_ESCAPE)
        sanitized_row[title] = "#{ESCAPE_CHAR}#{value}"
      end
    end
  end
  row
end