ASVS Requirement 1.2.10
- Level: 3
- Chapter: V1 Encoding and Sanitization
- Section: V1.2 Injection Prevention
- Source: 0x10-V1-Encoding-and-Sanitization.md
Description
Verify that the application is protected against CSV and Formula Injection. The application must follow the escaping rules defined in RFC 4180 sections 2.6 and 2.7 when exporting CSV content. Additionally, when exporting to CSV or other spreadsheet formats (such as XLS, XLSX, or ODF), special characters (including '=', '+', '-', '@', '\t' (tab), and '\0' (null character)) must be escaped with a single quote if they appear as the first character in a field value.
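One way to apply both rules on export, shown as an added Python example that is not part of the ASVS text or any project's code. The names `neutralize`, `export_csv` and `SAMPLE_ROWS` are hypothetical, and the sample rows are constructed.

```python
import csv
import io

# Leading characters named in ASVS 1.2.10 that must be escaped with a single quote.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\0")


def neutralize(value):
    """Prefix a single quote when the field value starts with a trigger character."""
    text = "" if value is None else str(value)
    if text.startswith(FORMULA_TRIGGERS):
        return "'" + text
    return text


def export_csv(rows):
    """Return CSV text: each field neutralized, then quoted per RFC 4180 2.6 and 2.7."""
    buf = io.StringIO(newline="")
    # QUOTE_MINIMAL encloses fields containing commas, double quotes or line
    # breaks in double quotes; doublequote=True doubles embedded double quotes.
    writer = csv.writer(buf, quoting=csv.QUOTE_MINIMAL, doublequote=True,
                        lineterminator="\r\n")
    for row in rows:
        writer.writerow([neutralize(cell) for cell in row])
    return buf.getvalue()


# Constructed sample rows (assumption for illustration, not from the ASVS text).
SAMPLE_ROWS = [
    ["name", "comment", "balance"],
    ["alice", 'said "hi", then left', 10],
    ["bob", "=SUM(A1:A9)", -5],
    ["carol", "@mention\nsecond line", "+1"],
    ["dave", "\tindented", "plain-text"],
]

if __name__ == "__main__":
    print(export_csv(SAMPLE_ROWS), end="")
```

The prefix is applied to every field value, so a negative number such as `-5` is exported as `'-5` and arrives in the spreadsheet as text; the requirement as written makes no exception for numeric values.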