Special cell value results invalid file

Question

Special cell value results invalid file

PRR24 opened this issue 6 years ago · comments

In case of cell value "__proto__" exceljs creates invalid file.
Same happens also with CellHyperlinkValue.text = "__proto__"

Steps to repro:
1. Create new excel file and worksheet.
2. Add rows to the sheet:
        sheet.addRow(["Not good"]);
        sheet.addRow(["__proto__"]);
3. Save the file.

Expected result:
Excel file with two text cells with provided values.

Actual result:
LibreOffice shows the file, but second row data is invalid.
Excel claims that the file is invalid. If force-opened, shows [object Object] in second cell

PRR24 · Answer 1 · Mon Aug 19 2019 21:01:44 GMT+0800 (China Standard Time)

There are more weirdnesses, for example
sheet.addRow(["toString"]);
will appear as "Name" in the resulting file.

Will Mizzi · Answer 2 · Wed Jan 22 2020 07:17:58 GMT+0800 (China Standard Time)

Having a similar issue. Doing the following:

sheet.addColumn([ 'toString' ])

and then writing, and opening the file results in a prompt from Excel saying:

"We found a problem with some content in 'workbook.xlsx'. Do you want us to try to recover as much as we can?"

Selecting "Yes" results in the following cell value where "toString" should be:

function toString() { [native code] }

Alan Wang · Answer 3 · Fri May 15 2020 11:51:01 GMT+0800 (China Standard Time)

@PRR24 @wmizzi I will use object..create(null) to resolve this error. I will submit a pull request as soon as possible.

Screenshots

Source code

  // shared-strings-xform.js
  this.hash = {};
  addText(value) {
    let index = this.hash[value];
    if (index === undefined) {
      index = this.hash[value] = this.model.values.length;
      this.model.values.push(value);
    }
    this.model.count++;
    return index;
  }