candle-annotator/openspec/changes/code-review-fix
Marko Djordjevic b2129ad626 security: add CSV injection protection to all export routes
Add sanitizeCsvCell() helper to both export routes that prefixes cell
values starting with =, +, @, or - with a single quote to prevent CSV
formula injection attacks.

Applied to:
- src/app/api/export/route.ts: timestamp and label_type columns
- src/app/api/span-annotations/export/route.ts: start_time, end_time,
  label, and outcome columns

Closes task 4.10.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-18 11:20:36 +01:00
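As a worked illustration of the protection this commit describes, the following is an added example written for this page; it is not the project's sanitizeCsvCell() and the function, constant and column names below are assumptions. Unlike the helper described in the commit message, which prefixes values starting with =, +, @ or -, this version also treats a leading tab or carriage return as a formula trigger (some spreadsheet importers strip those before evaluation), lets numeric values through without a prefix so that negative numbers in timestamp columns are not turned into text, and applies RFC 4180 quoting so that a cell containing a comma, a double quote or a line break cannot spill into a neighbouring cell or row.

```typescript
// Added example, not the project's code. Neutralise spreadsheet formula
// triggers and apply RFC 4180 quoting to every cell of a CSV export.

// Leading characters that Excel, LibreOffice and Google Sheets interpret
// as the start of a formula. Tab and CR are included defensively.
const FORMULA_TRIGGERS: ReadonlySet<string> = new Set(["=", "+", "@", "-", "\t", "\r"]);

// Returns the cell text exactly as it should appear between delimiters.
function sanitizeCsvCell(value: unknown): string {
  if (value === null || value === undefined) return "";
  // Real numbers and booleans cannot carry a formula; pass them through so
  // that a value such as -3.5 in a timestamp column stays numeric.
  if (typeof value === "number" || typeof value === "boolean") return String(value);

  let cell = String(value);
  // Prefixing with a single quote forces the spreadsheet to store the
  // cell as text instead of evaluating it.
  if (cell.length > 0 && FORMULA_TRIGGERS.has(cell.charAt(0))) {
    cell = "'" + cell;
  }
  // Quote the field when it contains a delimiter, a quote or a line break,
  // doubling embedded double quotes as RFC 4180 requires.
  if (/[",\r\n]/.test(cell)) {
    cell = '"' + cell.replace(/"/g, '""') + '"';
  }
  return cell;
}

// Serialise one record; every cell goes through the sanitizer.
function toCsvRow(cells: readonly unknown[]): string {
  return cells.map(sanitizeCsvCell).join(",");
}

// Serialise a header plus rows with CRLF line endings (RFC 4180).
function toCsv(header: readonly string[], rows: readonly (readonly unknown[])[]): string {
  return [header, ...rows].map(toCsvRow).join("\r\n") + "\r\n";
}

// Constructed sample input, not real annotation data: the "label" and
// "outcome" values are hostile and would execute if written out raw.
const SAMPLE_HEADER = ["start_time", "end_time", "label", "outcome"];
const SAMPLE_ROWS: unknown[][] = [
  [0, 1.5, "=HYPERLINK(\"http://example.invalid\",\"click\")", "ok"],
  [-3.5, 2, "speech, overlapping", "+1"],
];

function demo(): string {
  return toCsv(SAMPLE_HEADER, SAMPLE_ROWS);
}

console.log(demo());
```

The single-quote prefix is visible to anyone who opens the file in a text editor and is kept as literal text by most spreadsheet importers, so a downstream consumer that re-parses the export must strip it; document that in the export's API description. Quoting is what stops a label containing `\r\n` from injecting a whole extra row, which the prefix alone does not address.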
specs bind: MLflow port to 127.0.0.1:5000:5000 in docker-compose.yml 2026-02-18 10:58:11 +01:00
.openspec.yaml bind: MLflow port to 127.0.0.1:5000:5000 in docker-compose.yml 2026-02-18 10:58:11 +01:00
design.md bind: MLflow port to 127.0.0.1:5000:5000 in docker-compose.yml 2026-02-18 10:58:11 +01:00
proposal.md bind: MLflow port to 127.0.0.1:5000:5000 in docker-compose.yml 2026-02-18 10:58:11 +01:00
tasks.md security: add CSV injection protection to all export routes 2026-02-18 11:20:36 +01:00