From 5f7be90cc17649f3fc2cc9d8932f41a338411cbf Mon Sep 17 00:00:00 2001 From: Thomas Willems Date: Tue, 15 Jun 2021 16:59:06 +0200 Subject: [PATCH] replace ILLEGAL_CHARACTERS_RE based on fix from @leonardoarroyo https://github.com/jazzband/tablib/issues/370#issuecomment-511542745 --- drf_renderer_xlsx/renderers.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drf_renderer_xlsx/renderers.py b/drf_renderer_xlsx/renderers.py index a2b7469..081b8b9 100644 --- a/drf_renderer_xlsx/renderers.py +++ b/drf_renderer_xlsx/renderers.py @@ -3,6 +3,7 @@ from collections.abc import MutableMapping, Iterable from django.utils.dateparse import parse_datetime from openpyxl import Workbook +from openpyxl.cell.cell import ILLEGAL_CHARACTERS_RE from openpyxl.styles import PatternFill, Border, Side, Alignment, Font, NamedStyle from openpyxl.drawing.image import Image from openpyxl.utils import get_column_letter @@ -305,6 +306,7 @@ def _sanitize_value(self, raw_value): # prepend ' if raw_value is starting with possible malicious char if self.sanitize_fields and raw_value: str_value = str(raw_value) + str_value = ILLEGAL_CHARACTERS_RE.sub('', str_value). # remove ILLEGAL_CHARACTERS so it does'nt crash if str_value.startswith(ESCAPE_CHARS): return "'" + raw_value return raw_value