undefined | Better HN

0 pointsmulmen8y ago0 comments

The problem isn't with CSV, it is with spreadsheet applications.

0 comments

6 comments · 2 top-level

benmmurphy8y ago· 3 in thread

i don't know why spreadsheet applications don't standardise on a file extension that they won't screw with. call it csf or something. treat it like pure CSV except don't interpret =/@ or any of the other weirdness. basically just interpret all fields as plain strings as default [even if they look like numbers]. this way everything is backwards compatible old 'weird CSV' files still work and those that care about their users can use .csf and the files won't endanger their users.

mulmenOP8y ago

Yeah or they could just make "mangle my CSV files" an option buried in the config somewhere. I'd even open up regedit.

mark-r8y ago

That would make safety an "opt in" measure, it should be "opt out" instead. Make the CSV format stop interpreting formulas unless you specifically ask it to. Most people don't put formulas in their CSV files anyway.

mulmenOP8y ago

The CSV format doesn't interpret anything, it's spreadsheet applications doing that.

1 more reply

fulafel8y ago· 1 in thread

Users associate application behaviour with file formats.

Analogy: people think PDF files are safe, but aren't aware of the constant stream of RCE vulnerabilities that is Acrobat Reader & how widely it's used, which invalidates their model of behaviour associated with PDF files.

mulmenOP8y ago

In this case the users are wrong and so are the spreadsheet applications.

j / k navigate · click thread line to collapse

0 comments

6 comments · 2 top-level

benmmurphy8y ago· 3 in thread

i don't know why spreadsheet applications don't standardise on a file extension that they won't screw with. call it csf or something. treat it like pure CSV except don't interpret =/@ or any of the other weirdness. basically just interpret all fields as plain strings as default [even if they look like numbers]. this way everything is backwards compatible old 'weird CSV' files still work and those that care about their users can use .csf and the files won't endanger their users.

mulmenOP8y ago

Yeah or they could just make "mangle my CSV files" an option buried in the config somewhere. I'd even open up regedit.

mark-r8y ago

That would make safety an "opt in" measure, it should be "opt out" instead. Make the CSV format stop interpreting formulas unless you specifically ask it to. Most people don't put formulas in their CSV files anyway.

mulmenOP8y ago

The CSV format doesn't interpret anything, it's spreadsheet applications doing that.

1 more reply

fulafel8y ago· 1 in thread

Users associate application behaviour with file formats.

Analogy: people think PDF files are safe, but aren't aware of the constant stream of RCE vulnerabilities that is Acrobat Reader & how widely it's used, which invalidates their model of behaviour associated with PDF files.

mulmenOP8y ago

In this case the users are wrong and so are the spreadsheet applications.

j / k navigate · click thread line to collapse