kivi.parse_amount: bei ungültigen Zeichen 0 zurückgeben

author Moritz Bunkus <m.bunkus@linet-services.de>

Mon, 6 Feb 2017 10:46:31 +0000 (11:46 +0100)

committer Moritz Bunkus <m.bunkus@linet-services.de>

Mon, 6 Feb 2017 10:46:31 +0000 (11:46 +0100)
author Moritz Bunkus <m.bunkus@linet-services.de>
Mon, 6 Feb 2017 10:46:31 +0000 (11:46 +0100)
committer Moritz Bunkus <m.bunkus@linet-services.de>
Mon, 6 Feb 2017 10:46:31 +0000 (11:46 +0100)
diff --git a/js/kivi.js b/js/kivi.js

index e17294a..dbf5a0e 100644 (file)
--- a/js/kivi.js
+++ b/js/kivi.js
@@ -61,6 +61,10 @@ namespace("kivi", function(ns) {
  
      amount = amount.replace(/[\',]/g, "")
  
+    // Make sure no code wich is not a math expression ends up in eval().
+    if (!amount.match(/^[0-9 ()\-+*/.]*$/))
+      return 0;
+
      /* jshint -W061 */
      return eval(amount);
    };
diff --git a/js/t/kivi/parse_amount.js b/js/t/kivi/parse_amount.js

index 9b7d2aa..1ef2b11 100644 (file)
--- a/js/t/kivi/parse_amount.js
+++ b/js/t/kivi/parse_amount.js
@@ -109,3 +109,9 @@ QUnit.test("kivi.parse_amount function numbers with leading 0 should still be pa
    assert.equal(kivi.parse_amount('0123456789'),   123456789, '0123456789');
    assert.equal(kivi.parse_amount('000123456789'), 123456789, '000123456789');
  });
+
+QUnit.test("kivi.parse_amount function German number style with thousand separator & contains invalid characters", function( assert ) {
+  kivi.setup_formats({ numbers: '1.000,00' });
+
+  assert.equal(kivi.parse_amount('iuh !@#$% 10,00'), 0, 'iuh !@#$% 10,00');
+});
author	Moritz Bunkus <m.bunkus@linet-services.de>
	Mon, 6 Feb 2017 10:46:31 +0000 (11:46 +0100)
committer	Moritz Bunkus <m.bunkus@linet-services.de>
	Mon, 6 Feb 2017 10:46:31 +0000 (11:46 +0100)
js/kivi.js		patch \| blob \| history
js/t/kivi/parse_amount.js		patch \| blob \| history