Special cell value results invalid file
PRR24 opened this issue · comments
PRR24 commented
In case of cell value "__proto__" exceljs creates invalid file.
Same happens also with CellHyperlinkValue.text = "__proto__"
Steps to repro:
1. Create new excel file and worksheet.
2. Add rows to the sheet:
sheet.addRow(["Not good"]);
sheet.addRow(["__proto__"]);
3. Save the file.
Expected result:
Excel file with two text cells with provided values.
Actual result:
LibreOffice shows the file, but second row data is invalid.
Excel claims that the file is invalid. If force-opened, shows [object Object] in second cell
PRR24 commented
There are more weirdnesses, for example
sheet.addRow(["toString"]);
will appear as "Name" in the resulting file.
Will Mizzi commented
Having a similar issue. Doing the following:
sheet.addColumn([ 'toString' ])
and then writing, and opening the file results in a prompt from Excel saying:
"We found a problem with some content in 'workbook.xlsx'. Do you want us to try to recover as much as we can?"
Selecting "Yes" results in the following cell value where "toString" should be:
function toString() { [native code] }
Alan Wang commented
@PRR24 @wmizzi I will use object..create(null)
to resolve this error. I will submit a pull request as soon as possible.
Screenshots
Source code
// shared-strings-xform.js
this.hash = {};
addText(value) {
let index = this.hash[value];
if (index === undefined) {
index = this.hash[value] = this.model.values.length;
this.model.values.push(value);
}
this.model.count++;
return index;
}