I recently spent a week fixing a bulk import feature to prevent CSV injection attacks. Here's what happened: a user uploads a list of employees, and an admin exports that list as a CSV. If the CSV ...