fix(loyalty): sanitize earn amount input on every keystroke
Some checks failed
Some checks failed
Switch from type=number (leaks special chars via compose keys) to type=text with @input sanitizer that strips non-digit/non-dot characters and prevents multiple dots. Handles accented characters, paste, and compose key sequences. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -212,9 +212,9 @@
|
|||||||
<label class="block text-xs text-gray-500 dark:text-gray-400 mb-1">{{ _('loyalty.store.terminal.purchase_amount') }}</label>
|
<label class="block text-xs text-gray-500 dark:text-gray-400 mb-1">{{ _('loyalty.store.terminal.purchase_amount') }}</label>
|
||||||
<div class="relative">
|
<div class="relative">
|
||||||
<span class="absolute inset-y-0 left-0 flex items-center pl-3 text-gray-500">EUR</span>
|
<span class="absolute inset-y-0 left-0 flex items-center pl-3 text-gray-500">EUR</span>
|
||||||
<input type="number" step="0.01" min="0" inputmode="decimal" {# noqa: FE-008 #}
|
<input type="text" inputmode="decimal" {# noqa: FE-008 #}
|
||||||
x-model.number="earnAmount"
|
x-model="earnAmount"
|
||||||
@keypress="if (!/[\d.]/.test($event.key) && $event.key !== 'Backspace' && $event.key !== 'Tab') $event.preventDefault()"
|
@input="earnAmount = $event.target.value.replace(/[^\d.]/g, '').replace(/(\..*)\./g, '$1')"
|
||||||
class="w-full pl-12 pr-4 py-2 text-sm border border-gray-300 dark:border-gray-600 rounded-lg focus:border-green-400 focus:outline-none dark:bg-gray-700 dark:text-gray-300">
|
class="w-full pl-12 pr-4 py-2 text-sm border border-gray-300 dark:border-gray-600 rounded-lg focus:border-green-400 focus:outline-none dark:bg-gray-700 dark:text-gray-300">
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|||||||
Reference in New Issue
Block a user