The '$4.4m a Year' Bug: Chipotle Online Orders Swallowed by JavaScript Blunder
upstart writes:
Submitted via IRC for Bytram
The '$4.4m a year' bug: Chipotle online orders swallowed by JavaScript credit-card form blunder
Chipotle Mexican Grill has been leaving money on the table, thanks to an apparent bug in the restaurant chain's e-commerce operation.
On Thursday, Jason Grigsby, co-founder of app development biz Cloud Four, published his analysis of the eatery's online order form. The webpage code, he claims, contains an error that he estimates is costing the company millions in lost sales.
While attempting to submit an order, Grigsby encountered two error messages, one indicating that the website had been unable to save his credit card number - despite having not checked the box to allow this - and the other being a general submission error.
The errors happened every time he tried to use his browser's autofill capability but not when the data was entered manually. Upon further scrutiny, he noticed that his credit card's expiration date kept being changed after the date was filled in.
Grigsby traced the problem to the way the food biz implemented the expiration date input field in its order form. The order form, built using JavaScript with the Angular framework, relies on an Angular module called ui-mask, which allows developers to limit input based on a predetermined pattern.
In this case, the ui-mask="99" attribute limits the expiration date input field to two characters, but it provides the wrong ones. "When autofill tries to enter 2023, this ui-mask only lets the first two characters be entered," explains Grigsby.
By altering the credit-card expiration date, the form returns an error and prevents the order from going through. "I assume it is the backend processor rejecting the card because the expiration year is wrong [since] it happens after form submission," he explained in an email to The Register.
Read more of this story at SoylentNews.