Comment 5 for bug 1842749

I am unclear why this has been treated as security issue in Horizon and as a Horizon issue at all.

A security issue in Horizon would either reveal credentials or would allow to get access to functions, the user is not allowed. None of that is the case here.

In this case, the issue happens in the end users operating system. Following that logic, you'd also need to patch text editors to forbid to write the given sequences described at the top.

In my point of view, the real issue needs fixing is the handling of the csv files in end users systems to not allow actions to be launched from spreadsheets.