Setting quotePrefix flag

Issue #1047 resolved
Andrey Novosad
created an issue

MS Excel application allows to escape cell values starting with "=", "+", "-", "@" etc. by adding a single quote character (') at the beginning of the string, which prevents treating the value as a formula. The quote character is visible in the formula bar but not in the cell. When the file saved as an xlsx workbook, the quote is not stored as part of the cell value, but as quotePrefix flag.

It would be nice if openpyxl provides a way to mimic this behavior when writing and saving a workbook. The primary use case is escaping potentially malicious content during file generation from an application.

The Cell class has the quotePrefex property. This attribute can be read but cannot be updated.

This works

wb = load_workbook(filename='test.xlsx')
s = wb.worksheets[0]
is_escaped = ['A1'].quotePrefix

This would be nice to have

wb = Workbook()
ws = wb.active
ws['A1'] = "cmd malicious_app"
ws['A1'].quotePrefix = True
wb.save('test.xlsx')

This issue has been brought up in the mailing list and StackOverflow:

https://groups.google.com/d/msg/openpyxl-users/Z4QBuFYtMo0/VIkcmGszBQAJ

https://stackoverflow.com/questions/50027429/openpyxl-how-to-put-value-with-a-leading-single-quote

Comments (1)

  1. Log in to comment