@mui/x-data-grid-premium 6.19.10 → 6.20.0

package/CHANGELOG.md

@@ -3,6 +3,82 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## 6.20.0
+
+_May 24, 2024_
+
+We'd like to offer a big thanks to the 2 contributors who made this release possible. Here are some highlights ✨:
+
+- 🐞 Bugfixes
+
+### Data Grid
+
+#### `@mui/x-data-grid@6.20.0`
+
+- [DataGrid] Escape formulas in CSV and Excel export (#13190) @cherniavskii
+
+#### `@mui/x-data-grid-pro@6.20.0` [![pro](https://mui.com/r/x-pro-svg)](https://mui.com/r/x-pro-svg-link 'Pro plan')
+
+Same changes as in `@mui/x-data-grid@6.20.0`.
+
+#### `@mui/x-data-grid-premium@6.20.0` [![premium](https://mui.com/r/x-premium-svg)](https://mui.com/r/x-premium-svg-link 'Premium plan')
+
+Same changes as in `@mui/x-data-grid-pro@6.20.0`.
+
+### Date Pickers
+
+#### `@mui/x-date-pickers@6.20.0`
+
+- [pickers] Fix `disableOpenPicker` prop behavior (#13221) @LukasTy
+
+#### `@mui/x-date-pickers-pro@6.20.0` [![pro](https://mui.com/r/x-pro-svg)](https://mui.com/r/x-pro-svg-link 'Pro plan')
+
+Same changes as in `@mui/x-date-pickers@6.20.0`.
+
+## 6.19.12
+
+_May 17, 2024_
+
+We'd like to offer a big thanks to the 2 contributors who made this release possible. Here are some highlights ✨:
+
+- 🐞 Bugfixes
+
+### Date Pickers
+
+#### `@mui/x-date-pickers@6.19.12`
+
+- [pickers] Fix `AdapterMomentJalaali` regression (#13150) @LukasTy
+
+#### `@mui/x-date-pickers-pro@6.19.12` [![pro](https://mui.com/r/x-pro-svg)](https://mui.com/r/x-pro-svg-link 'Pro plan')
+
+Same changes as in `@mui/x-date-pickers@6.19.12`.
+
+### Docs
+
+- [docs] Use MUI X v6 in Codesandbox and Stackblitz demos (#12838) @cherniavskii
+
+## 6.19.11
+
+_Apr 18, 2024_
+
+We'd like to offer a big thanks to the 1 contributor who made this release possible. Here are some highlights ✨:
+
+- 🐞 Bugfixes
+
+### Data Grid
+
+#### `@mui/x-data-grid@6.19.11`
+
+- [DataGrid] Fix virtualization memory leak (#12812) @romgrk
+
+#### `@mui/x-data-grid-pro@6.19.11` [![pro](https://mui.com/r/x-pro-svg)](https://mui.com/r/x-pro-svg-link 'Pro plan')
+
+Same changes as in `@mui/x-data-grid@6.19.11`.
+
+#### `@mui/x-data-grid-premium@6.19.11` [![premium](https://mui.com/r/x-premium-svg)](https://mui.com/r/x-premium-svg-link 'Premium plan')
+
+Same changes as in `@mui/x-data-grid-pro@6.19.11`.
+
 ## 6.19.10
 
 _Apr 12, 2024_

package/components/GridExcelExportMenuItem.js

@@ -32,6 +32,7 @@ process.env.NODE_ENV !== "production" ? GridExcelExportMenuItem.propTypes = {
     allColumns: PropTypes.bool,
     columnsStyles: PropTypes.object,
     disableToolbarButton: PropTypes.bool,
+    escapeFormulas: PropTypes.bool,
     exceljsPostProcess: PropTypes.func,
     exceljsPreProcess: PropTypes.func,
     fields: PropTypes.arrayOf(PropTypes.string),

package/hooks/features/cellSelection/useGridCellSelection.js

@@ -455,9 +455,12 @@ export const useGridCellSelection = (apiRef, props) => {
         if (fieldsMap[field]) {
           const cellParams = apiRef.current.getCellParams(rowId, field);
           cellData = serializeCellValue(cellParams, {
-            delimiterCharacter: clipboardCopyCellDelimiter,
-            ignoreValueFormatter,
-            shouldAppendQuotes: false
+            csvOptions: {
+              delimiter: clipboardCopyCellDelimiter,
+              shouldAppendQuotes: false,
+              escapeFormulas: false
+            },
+            ignoreValueFormatter
           });
         } else {
           cellData = '';

package/hooks/features/export/serializer/excelSerializer.d.ts

@@ -1,7 +1,7 @@
 import type * as Excel from 'exceljs';
 import { GridRowId, GridColDef } from '@mui/x-data-grid-pro';
 import { GridStateColDef, GridColumnGroupLookup } from '@mui/x-data-grid/internals';
-import { GridExceljsProcessInput, ColumnsStylesInterface, GridExcelExportOptions } from '../gridExcelExportInterface';
+import { ColumnsStylesInterface, GridExcelExportOptions } from '../gridExcelExportInterface';
 import { GridPrivateApiPremium } from '../../../../models/gridApiPremium';
 interface SerializedRow {
     row: Record<string, undefined | number | boolean | string | Date>;
@@ -16,7 +16,7 @@ export declare const serializeRow: (id: GridRowId, columns: GridStateColDef[], a
     [field: string]: {
         address: string;
     };
-}) => SerializedRow;
+}, options: Pick<BuildExcelOptions, 'escapeFormulas'>) => SerializedRow;
 export declare const serializeColumn: (column: GridColDef, columnsStyles: ColumnsStylesInterface) => {
     key: string;
     headerText: string;
@@ -42,14 +42,9 @@ type ValueOptionsData = Record<string, {
     address: string;
 }>;
 export declare function getDataForValueOptionsSheet(columns: GridStateColDef[], valueOptionsSheetName: string, api: GridPrivateApiPremium): Promise<ValueOptionsData>;
-interface BuildExcelOptions {
+interface BuildExcelOptions extends Pick<GridExcelExportOptions, 'exceljsPreProcess' | 'exceljsPostProcess'>, Pick<Required<GridExcelExportOptions>, 'valueOptionsSheetName' | 'includeHeaders' | 'includeColumnGroupsHeaders' | 'escapeFormulas'> {
     columns: GridStateColDef[];
     rowIds: GridRowId[];
-    includeHeaders: boolean;
-    includeColumnGroupsHeaders: boolean;
-    valueOptionsSheetName: string;
-    exceljsPreProcess?: (processInput: GridExceljsProcessInput) => Promise<void>;
-    exceljsPostProcess?: (processInput: GridExceljsProcessInput) => Promise<void>;
     columnsStyles?: ColumnsStylesInterface;
 }
 export declare function buildExcel(options: BuildExcelOptions, api: GridPrivateApiPremium): Promise<Excel.Workbook>;

package/hooks/features/export/serializer/excelSerializer.js

@@ -27,7 +27,7 @@ const getFormattedValueOptions = (colDef, valueOptions, api) => {
   }
   return valueOptionsFormatted.map(option => typeof option === 'object' ? option.label : option);
 };
-export const serializeRow = (id, columns, api, defaultValueOptionsFormulae) => {
+export const serializeRow = (id, columns, api, defaultValueOptionsFormulae, options) => {
   const row = {};
   const dataValidation = {};
   const mergedCells = [];
@@ -53,6 +53,7 @@ export const serializeRow = (id, columns, api, defaultValueOptionsFormulae) => {
       });
     }
     const cellParams = api.getCellParams(id, column.field);
+    let cellValue;
     switch (cellParams.colDef.type) {
       case 'singleSelect':
         {
@@ -96,7 +97,7 @@ export const serializeRow = (id, columns, api, defaultValueOptionsFormulae) => {
         }
       case 'boolean':
       case 'number':
-        row[column.field] = api.getCellParams(id, column.field).value;
+        cellValue = api.getCellParams(id, column.field).value;
         break;
       case 'date':
       case 'dateTime':
@@ -116,7 +117,7 @@ export const serializeRow = (id, columns, api, defaultValueOptionsFormulae) => {
       case 'actions':
         break;
       default:
-        row[column.field] = api.getCellParams(id, column.field).formattedValue;
+        cellValue = api.getCellParams(id, column.field).formattedValue;
         if (process.env.NODE_ENV !== 'production') {
           if (String(cellParams.formattedValue) === '[object Object]') {
             warnInvalidFormattedValue();
@@ -124,6 +125,15 @@ export const serializeRow = (id, columns, api, defaultValueOptionsFormulae) => {
         }
         break;
     }
+    if (typeof cellValue === 'string' && options.escapeFormulas) {
+      // See https://owasp.org/www-community/attacks/CSV_Injection
+      if (['=', '+', '-', '@', '\t', '\r'].includes(cellValue[0])) {
+        cellValue = `'${cellValue}`;
+      }
+    }
+    if (typeof cellValue !== 'undefined') {
+      row[column.field] = cellValue;
+    }
   });
   return {
     row,
@@ -316,7 +326,7 @@ export async function buildExcel(options, api) {
   const valueOptionsData = await getDataForValueOptionsSheet(columns, valueOptionsSheetName, api);
   createValueOptionsSheetIfNeeded(valueOptionsData, valueOptionsSheetName, workbook);
   rowIds.forEach(id => {
-    const serializedRow = serializeRow(id, columns, api, valueOptionsData);
+    const serializedRow = serializeRow(id, columns, api, valueOptionsData, options);
     addSerializedRowToWorksheet(serializedRow, worksheet);
   });
   if (exceljsPostProcess) {

package/hooks/features/export/useGridExcelExport.js

@@ -17,7 +17,7 @@ import { jsx as _jsx } from "react/jsx-runtime";
 export const useGridExcelExport = (apiRef, props) => {
   const logger = useGridLogger(apiRef, 'useGridExcelExport');
   const getDataAsExcel = React.useCallback((options = {}) => {
-    var _options$getRowsToExp, _options$includeHeade, _options$includeColum;
+    var _options$getRowsToExp, _options$includeHeade, _options$includeColum, _options$escapeFormul;
     logger.debug(`Get data as excel`);
     const getRowsToExport = (_options$getRowsToExp = options.getRowsToExport) != null ? _options$getRowsToExp : defaultGetRowsToExport;
     const exportedRowIds = getRowsToExport({
@@ -35,7 +35,8 @@ export const useGridExcelExport = (apiRef, props) => {
       valueOptionsSheetName: (options == null ? void 0 : options.valueOptionsSheetName) || 'Options',
       columnsStyles: options == null ? void 0 : options.columnsStyles,
       exceljsPreProcess: options == null ? void 0 : options.exceljsPreProcess,
-      exceljsPostProcess: options == null ? void 0 : options.exceljsPostProcess
+      exceljsPostProcess: options == null ? void 0 : options.exceljsPostProcess,
+      escapeFormulas: (_options$escapeFormul = options.escapeFormulas) != null ? _options$escapeFormul : true
     }, apiRef.current);
   }, [logger, apiRef]);
   const exportDataAsExcel = React.useCallback(async (options = {}) => {
@@ -86,7 +87,12 @@ export const useGridExcelExport = (apiRef, props) => {
     });
     const valueOptionsData = await getDataForValueOptionsSheet(exportedColumns, valueOptionsSheetName, apiRef.current);
     const serializedColumns = serializeColumns(exportedColumns, options.columnsStyles || {});
-    const serializedRows = exportedRowIds.map(id => serializeRow(id, exportedColumns, apiRef.current, valueOptionsData));
+    const serializedRows = exportedRowIds.map(id => {
+      var _options$escapeFormul2;
+      return serializeRow(id, exportedColumns, apiRef.current, valueOptionsData, {
+        escapeFormulas: (_options$escapeFormul2 = options.escapeFormulas) != null ? _options$escapeFormul2 : true
+      });
+    });
     const columnGroupPaths = exportedColumns.reduce((acc, column) => {
       acc[column.field] = apiRef.current.unstable_getColumnGroupPath(column.field);
       return acc;

package/index.js

@@ -1,5 +1,5 @@
 /**
- * @mui/x-data-grid-premium v6.19.10
+ * @mui/x-data-grid-premium v6.20.0
  *
  * @license MUI X Commercial
  * This source code is licensed under the commercial license found in the

package/legacy/components/GridExcelExportMenuItem.js

@@ -30,6 +30,7 @@ process.env.NODE_ENV !== "production" ? GridExcelExportMenuItem.propTypes = {
     allColumns: PropTypes.bool,
     columnsStyles: PropTypes.object,
     disableToolbarButton: PropTypes.bool,
+    escapeFormulas: PropTypes.bool,
     exceljsPostProcess: PropTypes.func,
     exceljsPreProcess: PropTypes.func,
     fields: PropTypes.arrayOf(PropTypes.string),

package/legacy/hooks/features/cellSelection/useGridCellSelection.js

@@ -441,9 +441,12 @@ export var useGridCellSelection = function useGridCellSelection(apiRef, props) {
         if (fieldsMap[field]) {
           var cellParams = apiRef.current.getCellParams(rowId, field);
           cellData = serializeCellValue(cellParams, {
-            delimiterCharacter: clipboardCopyCellDelimiter,
-            ignoreValueFormatter: ignoreValueFormatter,
-            shouldAppendQuotes: false
+            csvOptions: {
+              delimiter: clipboardCopyCellDelimiter,
+              shouldAppendQuotes: false,
+              escapeFormulas: false
+            },
+            ignoreValueFormatter: ignoreValueFormatter
           });
         } else {
           cellData = '';

package/legacy/hooks/features/export/serializer/excelSerializer.js

@@ -52,7 +52,7 @@ var getFormattedValueOptions = function getFormattedValueOptions(colDef, valueOp
     return _typeof(option) === 'object' ? option.label : option;
   });
 };
-export var serializeRow = function serializeRow(id, columns, api, defaultValueOptionsFormulae) {
+export var serializeRow = function serializeRow(id, columns, api, defaultValueOptionsFormulae, options) {
   var row = {};
   var dataValidation = {};
   var mergedCells = [];
@@ -78,6 +78,7 @@ export var serializeRow = function serializeRow(id, columns, api, defaultValueOp
       });
     }
     var cellParams = api.getCellParams(id, column.field);
+    var cellValue;
     switch (cellParams.colDef.type) {
       case 'singleSelect':
         {
@@ -123,7 +124,7 @@ export var serializeRow = function serializeRow(id, columns, api, defaultValueOp
         }
       case 'boolean':
       case 'number':
-        row[column.field] = api.getCellParams(id, column.field).value;
+        cellValue = api.getCellParams(id, column.field).value;
         break;
       case 'date':
       case 'dateTime':
@@ -143,7 +144,7 @@ export var serializeRow = function serializeRow(id, columns, api, defaultValueOp
       case 'actions':
         break;
       default:
-        row[column.field] = api.getCellParams(id, column.field).formattedValue;
+        cellValue = api.getCellParams(id, column.field).formattedValue;
         if (process.env.NODE_ENV !== 'production') {
           if (String(cellParams.formattedValue) === '[object Object]') {
             warnInvalidFormattedValue();
@@ -151,6 +152,15 @@ export var serializeRow = function serializeRow(id, columns, api, defaultValueOp
         }
         break;
     }
+    if (typeof cellValue === 'string' && options.escapeFormulas) {
+      // See https://owasp.org/www-community/attacks/CSV_Injection
+      if (['=', '+', '-', '@', '\t', '\r'].includes(cellValue[0])) {
+        cellValue = "'".concat(cellValue);
+      }
+    }
+    if (typeof cellValue !== 'undefined') {
+      row[column.field] = cellValue;
+    }
   });
   return {
     row: row,
@@ -392,7 +402,7 @@ function _buildExcel() {
           valueOptionsData = _context5.sent;
           createValueOptionsSheetIfNeeded(valueOptionsData, valueOptionsSheetName, workbook);
           rowIds.forEach(function (id) {
-            var serializedRow = serializeRow(id, columns, api, valueOptionsData);
+            var serializedRow = serializeRow(id, columns, api, valueOptionsData, options);
             addSerializedRowToWorksheet(serializedRow, worksheet);
           });
           if (!exceljsPostProcess) {

package/legacy/hooks/features/export/useGridExcelExport.js

@@ -20,7 +20,7 @@ import { jsx as _jsx } from "react/jsx-runtime";
 export var useGridExcelExport = function useGridExcelExport(apiRef, props) {
   var logger = useGridLogger(apiRef, 'useGridExcelExport');
   var getDataAsExcel = React.useCallback(function () {
-    var _options$getRowsToExp, _options$includeHeade, _options$includeColum;
+    var _options$getRowsToExp, _options$includeHeade, _options$includeColum, _options$escapeFormul;
     var options = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {};
     logger.debug("Get data as excel");
     var getRowsToExport = (_options$getRowsToExp = options.getRowsToExport) != null ? _options$getRowsToExp : defaultGetRowsToExport;
@@ -39,7 +39,8 @@ export var useGridExcelExport = function useGridExcelExport(apiRef, props) {
       valueOptionsSheetName: (options == null ? void 0 : options.valueOptionsSheetName) || 'Options',
       columnsStyles: options == null ? void 0 : options.columnsStyles,
       exceljsPreProcess: options == null ? void 0 : options.exceljsPreProcess,
-      exceljsPostProcess: options == null ? void 0 : options.exceljsPostProcess
+      exceljsPostProcess: options == null ? void 0 : options.exceljsPostProcess,
+      escapeFormulas: (_options$escapeFormul = options.escapeFormulas) != null ? _options$escapeFormul : true
     }, apiRef.current);
   }, [logger, apiRef]);
   var exportDataAsExcel = React.useCallback( /*#__PURE__*/_asyncToGenerator( /*#__PURE__*/_regeneratorRuntime.mark(function _callee2() {
@@ -139,7 +140,10 @@ export var useGridExcelExport = function useGridExcelExport(apiRef, props) {
           valueOptionsData = _context2.sent;
           serializedColumns = serializeColumns(exportedColumns, options.columnsStyles || {});
           serializedRows = exportedRowIds.map(function (id) {
-            return serializeRow(id, exportedColumns, apiRef.current, valueOptionsData);
+            var _options$escapeFormul2;
+            return serializeRow(id, exportedColumns, apiRef.current, valueOptionsData, {
+              escapeFormulas: (_options$escapeFormul2 = options.escapeFormulas) != null ? _options$escapeFormul2 : true
+            });
           });
           columnGroupPaths = exportedColumns.reduce(function (acc, column) {
             acc[column.field] = apiRef.current.unstable_getColumnGroupPath(column.field);

package/legacy/index.js

@@ -1,5 +1,5 @@
 /**
- * @mui/x-data-grid-premium v6.19.10
+ * @mui/x-data-grid-premium v6.20.0
  *
  * @license MUI X Commercial
  * This source code is licensed under the commercial license found in the

package/legacy/utils/releaseInfo.js

@@ -1,6 +1,6 @@
 import { ponyfillGlobal } from '@mui/utils';
 export var getReleaseInfo = function getReleaseInfo() {
-  var releaseInfo = "MTcxMjg2OTIwMDAwMA==";
+  var releaseInfo = "MTcxNjUwMTYwMDAwMA==";
   if (process.env.NODE_ENV !== 'production') {
     // A simple hack to set the value in the test environment (has no build step).
     // eslint-disable-next-line no-useless-concat

package/modern/components/GridExcelExportMenuItem.js

@@ -32,6 +32,7 @@ process.env.NODE_ENV !== "production" ? GridExcelExportMenuItem.propTypes = {
     allColumns: PropTypes.bool,
     columnsStyles: PropTypes.object,
     disableToolbarButton: PropTypes.bool,
+    escapeFormulas: PropTypes.bool,
     exceljsPostProcess: PropTypes.func,
     exceljsPreProcess: PropTypes.func,
     fields: PropTypes.arrayOf(PropTypes.string),

package/modern/hooks/features/cellSelection/useGridCellSelection.js

@@ -446,9 +446,12 @@ export const useGridCellSelection = (apiRef, props) => {
         if (fieldsMap[field]) {
           const cellParams = apiRef.current.getCellParams(rowId, field);
           cellData = serializeCellValue(cellParams, {
-            delimiterCharacter: clipboardCopyCellDelimiter,
-            ignoreValueFormatter,
-            shouldAppendQuotes: false
+            csvOptions: {
+              delimiter: clipboardCopyCellDelimiter,
+              shouldAppendQuotes: false,
+              escapeFormulas: false
+            },
+            ignoreValueFormatter
           });
         } else {
           cellData = '';

package/modern/hooks/features/export/serializer/excelSerializer.js

@@ -26,7 +26,7 @@ const getFormattedValueOptions = (colDef, valueOptions, api) => {
   }
   return valueOptionsFormatted.map(option => typeof option === 'object' ? option.label : option);
 };
-export const serializeRow = (id, columns, api, defaultValueOptionsFormulae) => {
+export const serializeRow = (id, columns, api, defaultValueOptionsFormulae, options) => {
   const row = {};
   const dataValidation = {};
   const mergedCells = [];
@@ -52,6 +52,7 @@ export const serializeRow = (id, columns, api, defaultValueOptionsFormulae) => {
       });
     }
     const cellParams = api.getCellParams(id, column.field);
+    let cellValue;
     switch (cellParams.colDef.type) {
       case 'singleSelect':
         {
@@ -95,7 +96,7 @@ export const serializeRow = (id, columns, api, defaultValueOptionsFormulae) => {
         }
       case 'boolean':
       case 'number':
-        row[column.field] = api.getCellParams(id, column.field).value;
+        cellValue = api.getCellParams(id, column.field).value;
         break;
       case 'date':
       case 'dateTime':
@@ -115,7 +116,7 @@ export const serializeRow = (id, columns, api, defaultValueOptionsFormulae) => {
       case 'actions':
         break;
       default:
-        row[column.field] = api.getCellParams(id, column.field).formattedValue;
+        cellValue = api.getCellParams(id, column.field).formattedValue;
         if (process.env.NODE_ENV !== 'production') {
           if (String(cellParams.formattedValue) === '[object Object]') {
             warnInvalidFormattedValue();
@@ -123,6 +124,15 @@ export const serializeRow = (id, columns, api, defaultValueOptionsFormulae) => {
         }
         break;
     }
+    if (typeof cellValue === 'string' && options.escapeFormulas) {
+      // See https://owasp.org/www-community/attacks/CSV_Injection
+      if (['=', '+', '-', '@', '\t', '\r'].includes(cellValue[0])) {
+        cellValue = `'${cellValue}`;
+      }
+    }
+    if (typeof cellValue !== 'undefined') {
+      row[column.field] = cellValue;
+    }
   });
   return {
     row,
@@ -304,7 +314,7 @@ export async function buildExcel(options, api) {
   const valueOptionsData = await getDataForValueOptionsSheet(columns, valueOptionsSheetName, api);
   createValueOptionsSheetIfNeeded(valueOptionsData, valueOptionsSheetName, workbook);
   rowIds.forEach(id => {
-    const serializedRow = serializeRow(id, columns, api, valueOptionsData);
+    const serializedRow = serializeRow(id, columns, api, valueOptionsData, options);
     addSerializedRowToWorksheet(serializedRow, worksheet);
   });
   if (exceljsPostProcess) {

package/modern/hooks/features/export/useGridExcelExport.js

@@ -34,7 +34,8 @@ export const useGridExcelExport = (apiRef, props) => {
       valueOptionsSheetName: options?.valueOptionsSheetName || 'Options',
       columnsStyles: options?.columnsStyles,
       exceljsPreProcess: options?.exceljsPreProcess,
-      exceljsPostProcess: options?.exceljsPostProcess
+      exceljsPostProcess: options?.exceljsPostProcess,
+      escapeFormulas: options.escapeFormulas ?? true
     }, apiRef.current);
   }, [logger, apiRef]);
   const exportDataAsExcel = React.useCallback(async (options = {}) => {
@@ -85,7 +86,9 @@ export const useGridExcelExport = (apiRef, props) => {
     });
     const valueOptionsData = await getDataForValueOptionsSheet(exportedColumns, valueOptionsSheetName, apiRef.current);
     const serializedColumns = serializeColumns(exportedColumns, options.columnsStyles || {});
-    const serializedRows = exportedRowIds.map(id => serializeRow(id, exportedColumns, apiRef.current, valueOptionsData));
+    const serializedRows = exportedRowIds.map(id => serializeRow(id, exportedColumns, apiRef.current, valueOptionsData, {
+      escapeFormulas: options.escapeFormulas ?? true
+    }));
     const columnGroupPaths = exportedColumns.reduce((acc, column) => {
       acc[column.field] = apiRef.current.unstable_getColumnGroupPath(column.field);
       return acc;

package/modern/index.js

@@ -1,5 +1,5 @@
 /**
- * @mui/x-data-grid-premium v6.19.10
+ * @mui/x-data-grid-premium v6.20.0
  *
  * @license MUI X Commercial
  * This source code is licensed under the commercial license found in the

package/modern/utils/releaseInfo.js

@@ -1,6 +1,6 @@
 import { ponyfillGlobal } from '@mui/utils';
 export const getReleaseInfo = () => {
-  const releaseInfo = "MTcxMjg2OTIwMDAwMA==";
+  const releaseInfo = "MTcxNjUwMTYwMDAwMA==";
   if (process.env.NODE_ENV !== 'production') {
     // A simple hack to set the value in the test environment (has no build step).
     // eslint-disable-next-line no-useless-concat

package/node/components/GridExcelExportMenuItem.js

@@ -41,6 +41,7 @@ process.env.NODE_ENV !== "production" ? GridExcelExportMenuItem.propTypes = {
     allColumns: _propTypes.default.bool,
     columnsStyles: _propTypes.default.object,
     disableToolbarButton: _propTypes.default.bool,
+    escapeFormulas: _propTypes.default.bool,
     exceljsPostProcess: _propTypes.default.func,
     exceljsPreProcess: _propTypes.default.func,
     fields: _propTypes.default.arrayOf(_propTypes.default.string),

package/node/hooks/features/cellSelection/useGridCellSelection.js

@@ -456,9 +456,12 @@ const useGridCellSelection = (apiRef, props) => {
         if (fieldsMap[field]) {
           const cellParams = apiRef.current.getCellParams(rowId, field);
           cellData = (0, _internals.serializeCellValue)(cellParams, {
-            delimiterCharacter: clipboardCopyCellDelimiter,
-            ignoreValueFormatter,
-            shouldAppendQuotes: false
+            csvOptions: {
+              delimiter: clipboardCopyCellDelimiter,
+              shouldAppendQuotes: false,
+              escapeFormulas: false
+            },
+            ignoreValueFormatter
           });
         } else {
           cellData = '';

package/node/hooks/features/export/serializer/excelSerializer.js

@@ -40,7 +40,7 @@ const getFormattedValueOptions = (colDef, valueOptions, api) => {
   }
   return valueOptionsFormatted.map(option => typeof option === 'object' ? option.label : option);
 };
-const serializeRow = (id, columns, api, defaultValueOptionsFormulae) => {
+const serializeRow = (id, columns, api, defaultValueOptionsFormulae, options) => {
   const row = {};
   const dataValidation = {};
   const mergedCells = [];
@@ -66,6 +66,7 @@ const serializeRow = (id, columns, api, defaultValueOptionsFormulae) => {
       });
     }
     const cellParams = api.getCellParams(id, column.field);
+    let cellValue;
     switch (cellParams.colDef.type) {
       case 'singleSelect':
         {
@@ -109,7 +110,7 @@ const serializeRow = (id, columns, api, defaultValueOptionsFormulae) => {
         }
       case 'boolean':
       case 'number':
-        row[column.field] = api.getCellParams(id, column.field).value;
+        cellValue = api.getCellParams(id, column.field).value;
         break;
       case 'date':
       case 'dateTime':
@@ -129,7 +130,7 @@ const serializeRow = (id, columns, api, defaultValueOptionsFormulae) => {
       case 'actions':
         break;
       default:
-        row[column.field] = api.getCellParams(id, column.field).formattedValue;
+        cellValue = api.getCellParams(id, column.field).formattedValue;
         if (process.env.NODE_ENV !== 'production') {
           if (String(cellParams.formattedValue) === '[object Object]') {
             warnInvalidFormattedValue();
@@ -137,6 +138,15 @@ const serializeRow = (id, columns, api, defaultValueOptionsFormulae) => {
         }
         break;
     }
+    if (typeof cellValue === 'string' && options.escapeFormulas) {
+      // See https://owasp.org/www-community/attacks/CSV_Injection
+      if (['=', '+', '-', '@', '\t', '\r'].includes(cellValue[0])) {
+        cellValue = `'${cellValue}`;
+      }
+    }
+    if (typeof cellValue !== 'undefined') {
+      row[column.field] = cellValue;
+    }
   });
   return {
     row,
@@ -320,7 +330,7 @@ async function buildExcel(options, api) {
   const valueOptionsData = await getDataForValueOptionsSheet(columns, valueOptionsSheetName, api);
   createValueOptionsSheetIfNeeded(valueOptionsData, valueOptionsSheetName, workbook);
   rowIds.forEach(id => {
-    const serializedRow = serializeRow(id, columns, api, valueOptionsData);
+    const serializedRow = serializeRow(id, columns, api, valueOptionsData, options);
     addSerializedRowToWorksheet(serializedRow, worksheet);
   });
   if (exceljsPostProcess) {

package/node/hooks/features/export/useGridExcelExport.js

@@ -42,7 +42,8 @@ const useGridExcelExport = (apiRef, props) => {
       valueOptionsSheetName: options?.valueOptionsSheetName || 'Options',
       columnsStyles: options?.columnsStyles,
       exceljsPreProcess: options?.exceljsPreProcess,
-      exceljsPostProcess: options?.exceljsPostProcess
+      exceljsPostProcess: options?.exceljsPostProcess,
+      escapeFormulas: options.escapeFormulas ?? true
     }, apiRef.current);
   }, [logger, apiRef]);
   const exportDataAsExcel = React.useCallback(async (options = {}) => {
@@ -93,7 +94,9 @@ const useGridExcelExport = (apiRef, props) => {
     });
     const valueOptionsData = await (0, _excelSerializer.getDataForValueOptionsSheet)(exportedColumns, valueOptionsSheetName, apiRef.current);
     const serializedColumns = (0, _excelSerializer.serializeColumns)(exportedColumns, options.columnsStyles || {});
-    const serializedRows = exportedRowIds.map(id => (0, _excelSerializer.serializeRow)(id, exportedColumns, apiRef.current, valueOptionsData));
+    const serializedRows = exportedRowIds.map(id => (0, _excelSerializer.serializeRow)(id, exportedColumns, apiRef.current, valueOptionsData, {
+      escapeFormulas: options.escapeFormulas ?? true
+    }));
     const columnGroupPaths = exportedColumns.reduce((acc, column) => {
       acc[column.field] = apiRef.current.unstable_getColumnGroupPath(column.field);
       return acc;

package/node/index.js

@@ -1,5 +1,5 @@
 /**
- * @mui/x-data-grid-premium v6.19.10
+ * @mui/x-data-grid-premium v6.20.0
  *
  * @license MUI X Commercial
  * This source code is licensed under the commercial license found in the

package/node/utils/releaseInfo.js

@@ -6,7 +6,7 @@ Object.defineProperty(exports, "__esModule", {
 exports.getReleaseInfo = void 0;
 var _utils = require("@mui/utils");
 const getReleaseInfo = () => {
-  const releaseInfo = "MTcxMjg2OTIwMDAwMA==";
+  const releaseInfo = "MTcxNjUwMTYwMDAwMA==";
   if (process.env.NODE_ENV !== 'production') {
     // A simple hack to set the value in the test environment (has no build step).
     // eslint-disable-next-line no-useless-concat

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mui/x-data-grid-premium",
-  "version": "6.19.10",
+  "version": "6.20.0",
   "description": "The Premium plan edition of the data grid component (MUI X).",
   "author": "MUI Team",
   "main": "./node/index.js",
@@ -33,8 +33,8 @@
   "dependencies": {
     "@babel/runtime": "^7.23.2",
     "@mui/utils": "^5.14.16",
-    "@mui/x-data-grid": "6.19.10",
-    "@mui/x-data-grid-pro": "6.19.10",
+    "@mui/x-data-grid": "6.20.0",
+    "@mui/x-data-grid-pro": "6.20.0",
     "@mui/x-license-pro": "6.10.2",
     "@types/format-util": "^1.0.3",
     "clsx": "^2.0.0",

package/utils/releaseInfo.js

@@ -1,6 +1,6 @@
 import { ponyfillGlobal } from '@mui/utils';
 export const getReleaseInfo = () => {
-  const releaseInfo = "MTcxMjg2OTIwMDAwMA==";
+  const releaseInfo = "MTcxNjUwMTYwMDAwMA==";
   if (process.env.NODE_ENV !== 'production') {
     // A simple hack to set the value in the test environment (has no build step).
     // eslint-disable-next-line no-useless-concat