CODEWITHSUNDEEP
c#excelepplus
user610217
user610217

Reputation:

EPPlus excel sheet with script text in a cell

I'm coming across an issue that I'm not sure there's a good answer for.

We have a bulk-insert spreadsheet template to allow people to define certain components of an online ad. They then upload the document, we process it, and set it up in the database.

Recently there was a feature request to change bulk-insert into bulk-edit; IOW, people will download an excel sheet with information about the current ad prepopulated in the fields on the sheet. They would make changes as a set, then re-upload and we'd process the changes and update the database.

The problem is, one of the pieces of information is an HTML snippet with a <script> tag, and it seems like Excel pretty much deletes that automatically, so that column is never being populated when pulling down the sheet. It makes sense, in a way; it resembles executable code and could be a serious virus threat under some conditions, but even if I specify the column as pure text (using the Style.NumberFormat = "@" in EPPlus), Excel just makes the entire piece of data go away. It also skews the columns, looks like... shifts the subsequent cells to the left by one cell.

Is there any way to (safely) make this work without requiring changes to the downloader's security settings?

Upvotes: 1

Views: 526

Answers (1)

RJ Kelly
RJ Kelly

Reputation: 199

I dont have time to check into this, but What if you saved the workbook as a macro workbook, to enable some of the less secure behavior within the workbook? One other thing may be to escape the content with a single quote ' in the beginning of the cell, or wrap the entire "script" content with quotes.

What version of excel do you expect to encounter in the wild? I tested this with Excel 2013, and was able to save the following to a workbook, and parse it into a Datatable using EPP Plus 4.1.0.0:

    <script type="text/javascript">$(document).ready(function() {var I =0; console.info(I+100);});</script>

    '<script type="text/javascript">$(document).ready(function() {var I =0; console.info(I+100);});</script>

    "<script type='text/javascript'>$(document).ready(function() {var I =0; console.info(I+100);});</script>"

Workbook Parsed to DataTable

Nothing fancy, just iterating each cell in the workbook, pulling in the value and converted to string:

    object obj = Worksheets[WorkSheetIndex].Cells[k, l].Value;

Upvotes: 2

Related Questions