kivi.parse_amount: bei ungültigen mathematischen Ausdrücken 0 zurückliefern

[mfinanz.git] / js / kivi.js

diff --git a/js/kivi.js b/js/kivi.js
index e17294a128fd95773b5bba74826615008a982bc5..c6b70747308dcec930b7e74fcf8267b033cd82ee 100644 (file)
--- a/js/kivi.js
+++ b/js/kivi.js
@@ -61,8 +61,16 @@ namespace("kivi", function(ns) {
 
     amount = amount.replace(/[\',]/g, "")
 
+    // Make sure no code wich is not a math expression ends up in eval().
+    if (!amount.match(/^[0-9 ()\-+*/.]*$/))
+      return 0;
+
     /* jshint -W061 */
-    return eval(amount);
+    try {
+      return eval(amount);
+    } catch (err) {
+      return 0;
+    }
   };
 
   ns.round_amount = function(amount, places) {