Summary
Users can export a board to a csv file. If the card's description contains markdown close to deck's csv dialect, it is not escaped and parsing the exported csv file becomes ambiguous.
To Reproduce
- Enable Deck
- Create a board
- Scaffold some cards
- Type some double quotation marks
" in a description field
- Export the board as csv
- Open the board with (a text editor|LibreOffice Calc|pandas)
Expected behavior
Opening the exported file with LibreOffice Calc shows the board's cards as a table.
import csv
import pandas
board = pandas.read_csv(
'exported_file_from_nextcloud.csv',
encoding='utf-16',
delimiter='\t',
quotechar='"',
quoting=csv.QUOTE_ALL,
header=0,
)Mitigation/Discussion
Until the exporter is fixed for general users, you can convert the exported csv dialect.
- The first
" of a file is a real delimiter.
- The last
" of a file is a real delimiter.
"\t" are real delimiters."\n" are real delimiters. every other " is a character inside a field.
Although with this mitigation the exported files are not broken beyond repair, the value for general users is quite limited since the exported dialect is outside of the range which is considered as input by general tools. A more compliant export dialect should be considered. I propose LibreOffice Calc and/or pandas as a benchmark.
Summary
Users can export a board to a csv file. If the card's description contains markdown close to deck's csv dialect, it is not escaped and parsing the exported csv file becomes ambiguous.
To Reproduce
"in a description fieldExpected behavior
Opening the exported file with LibreOffice Calc shows the board's cards as a table.
Mitigation/Discussion
Until the exporter is fixed for general users, you can convert the exported csv dialect.
"of a file is a real delimiter."of a file is a real delimiter."\t"are real delimiters."\n"are real delimiters. every other " is a character inside a field.Although with this mitigation the exported files are not broken beyond repair, the value for general users is quite limited since the exported dialect is outside of the range which is considered as input by general tools. A more compliant export dialect should be considered. I propose LibreOffice Calc and/or pandas as a benchmark.