CVE-2021-23654 Improper Input Validation

[RichieB2B]

Interestingly enough someone found a security issue in this code but failed to post a pull-request or even report it:

https://security.snyk.io/vuln/SNYK-PYTHON-HTMLTOCSV-1582784

CVE-2021-23654 was probably the result of automated static analysis. It is called CSV injection and happens when you open a file that includes formulas (e.g. ='file:///etc/passwd'#$passwd.A1) in a spreadsheet program such as LibreOffice or Excel.

As far as I'm concerned, this library shouldn't be in the business of filtering input, but users should know that caution must be exercised when opening files from unknown sources (before or after conversion).