top | item 41735607 (no title) emedchill | 1 year ago Having special characters is a good idea but having a comma just to break a CSV is dumb. This would only happen if the hacker used a bad exporter or created their own (very poorly). discuss order hn newest freedomben|1 year ago Yeah, this is silly. Pretty much every serializer in existence is going to handle this case. If the attacker wrote their own, then you might get lucky aeonik|1 year ago AFAIU CSV is fundamentally ambiguous and can't actually be parsed in a fully deterministic way.Edge cases get hard when dealing with nested commas, and there's no standard escape sequence.Probably matters less with a two column arrangement, but things get really hairy really fast when you start adding types or BLOBs in the CSV. load replies (1)
freedomben|1 year ago Yeah, this is silly. Pretty much every serializer in existence is going to handle this case. If the attacker wrote their own, then you might get lucky aeonik|1 year ago AFAIU CSV is fundamentally ambiguous and can't actually be parsed in a fully deterministic way.Edge cases get hard when dealing with nested commas, and there's no standard escape sequence.Probably matters less with a two column arrangement, but things get really hairy really fast when you start adding types or BLOBs in the CSV. load replies (1)
aeonik|1 year ago AFAIU CSV is fundamentally ambiguous and can't actually be parsed in a fully deterministic way.Edge cases get hard when dealing with nested commas, and there's no standard escape sequence.Probably matters less with a two column arrangement, but things get really hairy really fast when you start adding types or BLOBs in the CSV. load replies (1)
freedomben|1 year ago
aeonik|1 year ago
Edge cases get hard when dealing with nested commas, and there's no standard escape sequence.
Probably matters less with a two column arrangement, but things get really hairy really fast when you start adding types or BLOBs in the CSV.