posted by janrinok on Sunday September 22 2019, @08:23AM
from the testing-is-important dept.

Submitted via IRC for Bytram

The '$4.4m a year' bug: Chipotle online orders swallowed by JavaScript credit-card form blunder

Chipotle Mexican Grill has been leaving money on the table, thanks to an apparent bug in the restaurant chain's e-commerce operation.

On Thursday, Jason Grigsby, co-founder of app development biz Cloud Four, published his analysis of the eatery's online order form. The webpage code, he claims, contains an error that he estimates is costing the company millions in lost sales.

While attempting to submit an order, Grigsby encountered two error messages, one indicating that the website had been unable to save his credit card number – despite his not having checked the box to allow this – and the other being a general submission error.

The errors happened every time he tried to use his browser's autofill capability but not when the data was entered manually. Upon further scrutiny, he noticed that his credit card's expiration date kept being changed after the date was filled in.

Grigsby traced the problem to the way the food biz implemented the expiration date input field in its order form. The order form, built using JavaScript with the Angular framework, relies on an Angular module called ui-mask, which allows developers to limit input based on a predetermined pattern.

In this case, the ui-mask="99" attribute limits the expiration date input field to two characters, but it provides the wrong ones. "When autofill tries to enter 2023, this ui-mask only lets the first two characters be entered," explains Grigsby.

By altering the credit-card expiration date, the form returns an error and prevents the order from going through. "I assume it is the backend processor rejecting the card because the expiration year is wrong [since] it happens after form submission," he explained in an email to The Register.
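
The truncation described above, reproduced as an added example (not code from Chipotle's site, the ui-mask module, or Grigsby's analysis). `applyDigitMask`, `normalizeExpiryYear` and `findMismatches` are hypothetical names, the mask model assumes "9" means one digit, and the sample inputs are constructed.

```javascript
// Simplified model of a fixed-length digit mask (assumption: "9" = one digit).
// It reproduces only the behaviour the article describes: characters past the
// end of the mask are dropped silently.
function applyDigitMask(mask, input) {
  let out = "";
  for (const ch of String(input)) {
    if (out.length >= mask.length) break;          // mask is full: rest is discarded
    if (mask[out.length] === "9" && /[0-9]/.test(ch)) out += ch;
  }
  return out;
}

// Hypothetical alternative: accept either YY or YYYY and reduce to the
// two-digit year, rejecting anything else instead of guessing.
function normalizeExpiryYear(input) {
  const digits = String(input).replace(/\D/g, "");
  if (digits.length === 2) return digits;
  if (digits.length === 4) return digits.slice(2); // "2023" -> "23"
  return null;
}

// Regression-style check: list every input where the masked field ends up
// holding a different year than the one the user (or autofill) supplied.
function findMismatches(inputs, mask = "99") {
  const mismatches = [];
  for (const raw of inputs) {
    const masked = applyDigitMask(mask, raw);
    const expected = normalizeExpiryYear(raw);
    if (expected !== null && masked !== expected) {
      mismatches.push({ raw, masked, expected });
    }
  }
  return mismatches;
}

// Constructed sample values: typed two-digit years and autofilled four-digit years.
const sampleYears = ["23", "2023", "31", "2031"];
console.log(findMismatches(sampleYears));
```

Only the four-digit values are reported, which matches the article's observation that manual entry worked while autofill did not.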

