Sanitize CSV data from having any executable functions in its cells.

thwart_csv_injection.js

var csvData = 'generate,=your(stuff),@here';
// Protect against CSV injection - ensure cells don't have ( ), or start with = @ + - unless followed by digit
csvData = csvData.replace(/([()])/g, '').replace(/(^|[,\n\r])([=@+-]+)(?=[\D\.])/g, (match, offset, string) => {
  return match.replace(/[^,\n\r]/g, '');
});