X-Git-Url: http://wagnertech.de/gitweb/gitweb.cgi/mfinanz.git/blobdiff_plain/fb63efe1b63573c2ee3535cb2f9e63502dd0e848..36d1d6a42c18b4c7743c24ff3ebf02e81c470f7b:/js/kivi.js

diff --git a/js/kivi.js b/js/kivi.js
index e17294a12..c6b707473 100644
--- a/js/kivi.js
+++ b/js/kivi.js
@@ -61,8 +61,16 @@ namespace("kivi", function(ns) {
 
     amount = amount.replace(/[\',]/g, "")
 
+    // Make sure no code wich is not a math expression ends up in eval().
+    if (!amount.match(/^[0-9 ()\-+*/.]*$/))
+      return 0;
+
     /* jshint -W061 */
-    return eval(amount);
+    try {
+      return eval(amount);
+    } catch (err) {
+      return 0;
+    }
   };
 
   ns.round_amount = function(amount, places) {