mirror of
https://github.com/TryGhost/Ghost.git
synced 2024-11-25 09:03:12 +03:00
de668e7950
fix https://linear.app/tryghost/issue/ENG-805/ refs https://owasp.org/www-community/attacks/CSV_Injection - it's possible for certain fields in a member CSV export to be executed by software that opens the CSVs - we can protect against this for the user by escaping any forumulae in the CSV fields - papaparse provides this option natively, so it's just a case of providing the field to the unparse method - credits to Harvey Spec (phulelouch) for reporting |
||
---|---|---|
.. | ||
lib | ||
test | ||
.eslintrc.js | ||
index.js | ||
package.json | ||
README.md |
Members Csv
Usage
There are 2 parts to this package: CSV to JSON serialization and JSON to CSV serialization. The module exposes 2 methods to fulfil these: parse
and unparse
respectively.
To parse
CSV file and convert it to JSON use parse
method, e.g.:
const {parse} = require('@tryghost/members-csv');
const mapping = {
email: 'csv_column_containing_email_data',
name: 'csv_column_containing_names_data'
}
const membersJSON = await parse(csvFilePath, mapping);
csvFilePath
- is a path to the CSV file that has to be processed
mapping
- optional parameter, it's a hash describing custom mapping for CSV columns to JSON properties
Example mapping for CSV having email under correo_electronico
column would look like following:
{
email: 'correo_electronico'
}
To unparse
JSON to CSV compatible with members format use following:
const {unparse} = require('@tryghost/members-csv');
const members = [{
email: 'email@example.com',
name: 'Sam Memberino',
note: 'Early supporter'
}];
const membersCSV = unparse(members);
console.log(membersCSV);
// -> "id,email,name,note,subscribed_to_emails,complimentary_plan,stripe_customer_id,created_at,deleted_at,labels\r\n,email@example.com,Sam Memberino,Early supporter,,,,,,"