candle-annotator/openspec
Marko Djordjevic b2129ad626 security: add CSV injection protection to all export routes
Add sanitizeCsvCell() helper to both export routes that prefixes cell
values starting with =, +, @, or - with a single quote to prevent CSV
formula injection attacks.

Applied to:
- src/app/api/export/route.ts: timestamp and label_type columns
- src/app/api/span-annotations/export/route.ts: start_time, end_time,
  label, and outcome columns

Closes task 4.10.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-18 11:20:36 +01:00
changes security: add CSV injection protection to all export routes 2026-02-18 11:20:36 +01:00
specs sync: ml-ui-connection delta specs to main specs 2026-02-18 10:21:05 +01:00
config.yaml starting planning 2026-02-12 09:42:55 +01:00