Prepend a space to TSV cells that begin with a special character

sunnavy · sunnavy · commit cade8b90c696 · 2025-10-01T04:14:07.000-04:00
This ensures applications like Excel treat them as literal strings instead
of interpreting them as formulas.
diff --git a/share/html/Elements/TSVExport b/share/html/Elements/TSVExport
@@ -145,6 +145,8 @@ while (my $row = $Collection->Next) {
             $val =~ s/(?:\n|\r)+/ /g; $val =~ s{\t}{    }g;
             $val = $no_html->scrub($val);
             $val = HTML::Entities::decode_entities($val);
+            # To prevent injection, add a leading space to make sure excel-ish applications treat it like a literal
+            $val =~ s/^(?=-|\+|=|\@|")/ /;
             $val;
         } @$col)."\n");
     }

Original file line number	Diff line number	Diff line change
`@@ -145,6 +145,8 @@ while (my $row = $Collection->Next) {`
`145`	`145`	`$val =~ s/(?:\n\|\r)+/ /g; $val =~ s{\t}{ }g;`
`146`	`146`	`$val = $no_html->scrub($val);`
`147`	`147`	`$val = HTML::Entities::decode_entities($val);`
	`148`	`+ # To prevent injection, add a leading space to make sure excel-ish applications treat it like a literal`
	`149`	`+ $val =~ s/^(?=-\|\+\|=\|\@\|")/ /;`
`148`	`150`	`$val;`
`149`	`151`	`} @$col)."\n");`
`150`	`152`	`}`