The Absurdly Underestimated Dangers of CSV Injection

Hey, just for fun let’s try something, let’s modify our CSV file to the following

UserId,BillToDate,ProjectName,Description,DurationMinutes
<span class="hljs-number">1</span>,<span class="hljs-number">2017</span>-<span class="hljs-number">07</span>-<span class="hljs-number">25</span>,Test Project,Flipped the jibbet,<span class="hljs-number">60</span>
<span class="hljs-number">2</span>,<span class="hljs-number">2017</span>-<span class="hljs-number">07</span>-<span class="hljs-number">25</span>,Important Client,<span class="hljs-string">"Bop, dop, and giglip"</span>, <span class="hljs-number">240</span>
<span class="hljs-number">2</span>,<span class="hljs-number">2017</span>-<span class="hljs-number">07</span>-<span class="hljs-number">25</span>,Important Client,<span class="hljs-string">"=2+5"</span>, <span class="hljs-number">240</span>