
How to export Django data faster than ever before - palewire
https://www.californiacivicdata.org/2017/09/05/django-postgres-copy-2/
======
Alex3917
This is cool. Is there a way to automatically sanitize for CSV Injection
vulnerabilities? (I.e. stripping out Excel macros.)

~~~
palewire
I hadn't considered that. It only accepts CSVs, not Excel files, right now. If
you can provide an example of a dangerous file we can try testing against it.

~~~
Alex3917
I meant in terms of what it's outputting from the models, not what it's
accepting as input. Since most apps accept input from users via API
endpoints or forms, sanitizing the output strikes me as more important than
sanitizing the input, although ideally both should happen.

I don't have any good example data, but this is what I'm talking about:

[https://github.com/wagtail/wagtail/issues/3466](https://github.com/wagtail/wagtail/issues/3466)

A lot of folks don't care about this if they are making libraries for users,
since it's really an issue with Excel, but if people within your company are
the ones who are going to be potentially getting pwned then it makes less
sense to me to just blame MS or whatever.
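One way to do the output-side sanitizing this comment is asking for, as an added Python example; it is not code from django-postgres-copy or from the linked wagtail issue. The trigger characters follow OWASP's CSV injection guidance (leading `=`, `+`, `-`, `@`, tab, carriage return), and the function names and sample rows are constructed here for illustration:

```python
import csv
import io

# Leading characters that make Excel/LibreOffice treat a cell as a formula
# (per OWASP's CSV injection guidance): '=', '+', '-', '@', tab, carriage return.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def sanitize_cell(value):
    """Neutralise a cell so a spreadsheet reads it as text, not a formula.

    Numeric Python types pass through untouched (a negative int is data, not a
    formula). Any string whose first character is a trigger gets a leading
    apostrophe, which spreadsheets interpret as "literal text".
    """
    if value is None:
        return ""
    if isinstance(value, (int, float)) and not isinstance(value, bool):
        return value
    text = str(value)
    if text and text[0] in FORMULA_TRIGGERS:
        return "'" + text
    return text


def export_rows(rows, fieldnames, sanitize=True):
    """Write dict rows to CSV text; with sanitize=True every cell is neutralised
    and quoted, with sanitize=False the raw values go out (the vulnerable form).
    """
    buf = io.StringIO()
    quoting = csv.QUOTE_ALL if sanitize else csv.QUOTE_MINIMAL
    writer = csv.DictWriter(buf, fieldnames=fieldnames, quoting=quoting)
    writer.writeheader()
    for row in rows:
        if sanitize:
            row = {name: sanitize_cell(row.get(name)) for name in fieldnames}
        writer.writerow(row)
    return buf.getvalue()


def audit_csv(text):
    """Return (row_index, col_index) of data cells that still begin with a trigger.

    Cells that parse as a plain number (e.g. "-7") are skipped, since a
    spreadsheet reads those as numbers rather than formulas. An empty result
    means no cell in the file can be interpreted as a formula on open.
    """
    findings = []
    for r, row in enumerate(csv.reader(io.StringIO(text))):
        if r == 0:
            continue  # header row
        for c, cell in enumerate(row):
            if not cell or cell[0] not in FORMULA_TRIGGERS:
                continue
            try:
                float(cell)
            except ValueError:
                findings.append((r, c))
    return findings


# Constructed sample rows standing in for values pulled from a Django model:
# the first "name" is the classic DDE payload shape, the second is a benign
# phone number that happens to start with '+', the third is ordinary text.
SAMPLE_ROWS = [
    {"name": "=cmd|' /C calc'!A0", "score": 3},
    {"name": "+1 555 0100", "score": -7},
    {"name": "Ada Lovelace", "score": 10},
]

if __name__ == "__main__":
    unsafe = export_rows(SAMPLE_ROWS, ["name", "score"], sanitize=False)
    print("unsanitised export flags cells:", audit_csv(unsafe))
    safe = export_rows(SAMPLE_ROWS, ["name", "score"])
    print(safe)
    print("sanitised export flags cells:", audit_csv(safe))
```

The apostrophe prefix is a deliberate change to the data: a spreadsheet hides it, but anything else that re-reads the file will see it, so exports meant for machine consumption may want the `audit_csv` check instead of the rewrite. `sanitize_cell` also prefixes innocent strings such as the `+1 555 0100` phone number; that trade-off is the reason the check only skips values that are numeric in Python.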

~~~
palewire
Thanks for the tip. This is something I was unaware of.

