FAQ-000323 - CSV Injection Prevention / Prevention in Data Export Features

To prevent CSV Injection vulnerabilities in your application's data export features: 1. **Sanitize Data**: Ensure that any cell content starting with special characters like `=`, `+`, `-`, or `@` is prefixed with a harmless character, such as a single quote (`'`). This prevents spreadsheet software from interpreting the content as a formula or command. 2. **Validate and Encode**: Always validate and encode user-controlled data to avoid injection risks.

The FAQ content addresses CSV Injection prevention, which is a specific type of injection vulnerability that occurs when exporting data to CSV files. After reviewing the available security rules, none of them specifically address CSV injection vulnerabilities - they focus on other security concerns like SOQL injection, XSS, CRUD violations, etc., but not CSV-specific injection issues. The main improvements made to the answer were: 1. Removed unnecessary quotation marks around the special characters (=, +, -, @) to improve readability while maintaining the same information 2. Changed 'stops' to 'prevents' for more professional and clear language 3. Preserved all existing points and technical accuracy No security rules were selected because CSV injection prevention is not covered by any of the available AppExchange security scanner rules. The rules focus on Apex, Visualforce, Lightning, and JavaScript security issues, but CSV injection is a data export formatting concern that falls outside the scope of these automated security checks.