@woocommerce/csv-export - npm Package Compare versions

Comparing version 1.1.2 to 1.2.0

22

build-module/index.js

@@ -9,5 +9,19 @@ /** @format */

function escapeCSVValue(value) {
var stringValue = value.toString(); // Prevent CSV injection.
// See: http://www.contextis.com/resources/blog/comma-separated-vulnerabilities/
// See: WC_CSV_Exporter::escape_data()
if (['=', '+', '-', '@'].includes(stringValue.charAt(0))) {
stringValue = "'" + stringValue;
} else if (stringValue.match(/[,"\s]/)) {
stringValue = '"' + stringValue.replace(/"/g, '""') + '"';
}
return stringValue;
}
function getCSVHeaders(headers) {
return Array.isArray(headers) ? headers.map(function (header) {
return header.label;
return escapeCSVValue(header.label);
}).join(',') : [];

@@ -19,3 +33,7 @@ }

return row.map(function (rowItem) {
return rowItem.value !== undefined && rowItem.value !== null ? rowItem.value.toString().replace(/,/g, '') : '';
if (undefined === rowItem.value || null === rowItem.value) {
return '';
}
return escapeCSVValue(rowItem.value);
}).join(',');

@@ -22,0 +40,0 @@ }).join('\n') : [];

@@ -21,5 +21,19 @@ "use strict";

*/
function escapeCSVValue(value) {
var stringValue = value.toString(); // Prevent CSV injection.
// See: http://www.contextis.com/resources/blog/comma-separated-vulnerabilities/
// See: WC_CSV_Exporter::escape_data()
if (['=', '+', '-', '@'].includes(stringValue.charAt(0))) {
stringValue = "'" + stringValue;
} else if (stringValue.match(/[,"\s]/)) {
stringValue = '"' + stringValue.replace(/"/g, '""') + '"';
}
return stringValue;
}
function getCSVHeaders(headers) {
return Array.isArray(headers) ? headers.map(function (header) {
return header.label;
return escapeCSVValue(header.label);
}).join(',') : [];

@@ -31,3 +45,7 @@ }

return row.map(function (rowItem) {
return rowItem.value !== undefined && rowItem.value !== null ? rowItem.value.toString().replace(/,/g, '') : '';
if (undefined === rowItem.value || null === rowItem.value) {
return '';
}
return escapeCSVValue(rowItem.value);
}).join(',');

@@ -34,0 +52,0 @@ }).join('\n') : [];

@@ -0,1 +1,6 @@

# 1.2.0
- Properly escape values with double quotes.
- Prevent CSV injection.
# 1.1.2

@@ -2,0 +7,0 @@

6

package.json
{
"name": "@woocommerce/csv-export",
"version": "1.1.2",
"version": "1.2.0",
"description": "WooCommerce utility library to convert data to CSV files.",

@@ -24,3 +24,3 @@ "author": "Automattic",

"dependencies": {
"@babel/runtime-corejs2": "7.5.5",
"@babel/runtime-corejs2": "7.7.4",
"browser-filesaver": "1.1.1",

@@ -32,3 +32,3 @@ "moment": "2.22.2"

},
"gitHead": "43dc720bb1b08b66f9e81bfd34897f7b8cd2d55f"
"gitHead": "988bd5ebca048604607df3055a0c6dd8de5e9650"
}
/** @format */
export default `Date,Orders,Description,Gross Revenue,Refunds,Coupons,Taxes,Shipping,Net Revenue
2018-04-29T00:00:00,30,lorem ipsum,200,19,19,100,19,200`;
export default `Date,Orders,Description,"Total Sales",Refunds,Coupons,Taxes,Shipping,"Net Sales","Negative Number"
2018-04-29T00:00:00,30,"Lorem, ""ipsum""",200,19,19,100,19,200,'-123`;

@@ -17,4 +17,4 @@ /** @format */

{
label: 'Gross Revenue',
key: 'gross_revenue',
label: 'Total Sales',
key: 'total_sales',
},

@@ -38,5 +38,9 @@ {

{
label: 'Net Revenue',
label: 'Net Sales',
key: 'net_revenue',
},
{
label: 'Negative Number',
key: 'neg_num',
},
];

@@ -14,4 +14,4 @@ /** @format */

{
display: 'Lorem, ipsum',
value: 'lorem, ipsum',
display: 'Lorem, "ipsum"',
value: 'Lorem, "ipsum"',
},

@@ -42,3 +42,7 @@ {

},
{
display: '-123',
value: -123,
},
],
];

@@ -8,4 +8,23 @@ /** @format */

function escapeCSVValue( value ) {
let stringValue = value.toString();
// Prevent CSV injection.
// See: http://www.contextis.com/resources/blog/comma-separated-vulnerabilities/
// See: WC_CSV_Exporter::escape_data()
if ( [ '=', '+', '-', '@' ].includes( stringValue.charAt( 0 ) ) ) {
stringValue = "'" + stringValue;
} else if ( stringValue.match( /[,"\s]/ ) ) {
stringValue = '"' + stringValue.replace( /"/g, '""' ) + '"';
}
return stringValue;
}
function getCSVHeaders( headers ) {
return Array.isArray( headers ) ? headers.map( header => header.label ).join( ',' ) : [];
return Array.isArray( headers )
? headers
.map( header => escapeCSVValue( header.label ) )
.join( ',' )
: [];
}

@@ -17,5 +36,9 @@

.map( row =>
row.map( rowItem =>
rowItem.value !== undefined && rowItem.value !== null ? rowItem.value.toString().replace( /,/g, ''
) : '' ).join( ',' )
row.map( rowItem => {
if ( undefined === rowItem.value || null === rowItem.value ) {
return '';
}
return escapeCSVValue( rowItem.value );
} ).join( ',' )
)

@@ -22,0 +45,0 @@ .join( '\n' )
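Review bot: The two branches in escapeCSVValue are mutually exclusive, so a value whose first character is `=`, `+`, `-` or `@` and which also contains a comma, a double quote or whitespace gets only the `'` prefix and is never quoted, which breaks the row layout in the output (a constructed value such as `-1,5` is emitted as `'-1,5` and splits into two cells). Applying the quoting check independently of the injection guard fixes both cases: replace `} else if ( stringValue.match( /[,"\s]/ ) ) {` with `}` followed by `if ( /[,"\s]/.test( stringValue ) ) {`, so a prefixed value that needs quoting still gets wrapped. The list of formula-trigger characters also omits tab and carriage return, which common CSV-injection guidance (OWASP) includes alongside the four checked here; consider adding `'\t'` and `'\r'` to the array. Separately, getCSVHeaders now passes header.label straight into escapeCSVValue without the null/undefined guard that the row mapping applies, so a header object without a label would presumably throw on `value.toString()`. The compiled copies of this code in the two build output sections above inherit the same behaviour.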

