You cannot blame CSV for it. CSV is just passive data.

Once you load or open a CSV file into something dangerous as a spreadsheet program that allows formula's to be execcuted on open, all bets are off. Or are they?

Code speaks loader than words ...

`$ cat formula.csv
a,b,c
1,=2+3,4
6,,7,=8+9,
`

Parsing

`$ perl -MCSV -e'dcsv (in => "formula.csv")'
[
[ 'a',
'b',
'c'
],
[ '1',
'=2+3',
'4'
],
[ '6',
'',
'7',
'=8+9',
''
]
]
$ perl -MCSV -e'dcsv (in => "formula.csv", formula => "none")'
[
[ 'a',
'b',
'c'
],
[ '1',
'=2+3',
'4'
],
[ '6',
'',
'7',
'=8+9',
''
]
]
$ perl -MCSV -e'dcsv (in => "formula.csv", formula => "die")'
Formulas are forbidden
$ perl -MCSV -e'dcsv (in => "formula.csv", formula => "croak")'
Formulas are forbidden
$ perl -MCSV -e'dcsv (in => "formula.csv", formula => "diag")'
Field 2 in record 1 contains formula '=2+3'
Field 4 in record 2 contains formula '=8+9'
[
[ 'a',
'b',
'c'
],
[ '1',
'=2+3',
'4'
],
[ '6',
'',
'7',
'=8+9',
''
]
]
$ perl -MCSV -e'dcsv (in => "formula.csv", formula => "empty")'
[
[ 'a',
'b',
'c'
],
[ '1',
'',
'4'
],
[ '6',
'',
'7',
'',
''
]
]
$ perl -MCSV -e'dcsv (in => "formula.csv", formula => "undef")'
[
[ 'a',
'b',
'c'
],
[ '1',
undef,
'4'
],
[ '6',
'',
'7',
undef,
''
]
]
`

Generating

`$ perl -MCSV -e'dcsv (in => [["a","b","c"],[1,"=2+3",4],[6,"",7,"=8+9"
+]], quote_empty => 1)'
a,b,c
1,=2+3,4
6,"",7,=8+9
1
$ perl -MCSV -e'dcsv (in => [["a","b","c"],[1,"=2+3",4],[6,"",7,"=8+9"
+]], quote_empty => 1, formula => "none")'
a,b,c
1,=2+3,4
6,"",7,=8+9
1
$ perl -MCSV -e'dcsv (in => [["a","b","c"],[1,"=2+3",4],[6,"",7,"=8+9"
+]], quote_empty => 1, formula => "die")'
a,b,c
Formulas are forbidden
Exit 255
$ perl -MCSV -e'dcsv (in => [["a","b","c"],[1,"=2+3",4],[6,"",7,"=8+9"
+]], quote_empty => 1, formula => "croak")'
a,b,c
Formulas are forbidden
Exit 255
$ perl -MCSV -e'dcsv (in => [["a","b","c"],[1,"=2+3",4],[6,"",7,"=8+9"
+]], quote_empty => 1, formula => "diag")'
a,b,c
Field 1 contains formula '=2+3'
1,=2+3,4
Field 3 contains formula '=8+9'
6,"",7,=8+9
1
$ perl -MCSV -e'dcsv (in => [["a","b","c"],[1,"=2+3",4],[6,"",7,"=8+9"
+]], quote_empty => 1, formula => "empty")'
a,b,c
1,"",4
6,"",7,""
1
$ perl -MCSV -e'dcsv (in => [["a","b","c"],[1,"=2+3",4],[6,"",7,"=8+9"
+]], quote_empty => 1, formula => "undef")'
a,b,c
1,,4
6,"",7,
1
`

Expect this to be available by next week.

Comment onBe prepared for CSV injections in spreadsheetSelectorDownloadCode