SUPPUASTPDS Episode 1: Bad HTML Could Cost You Millions?


Hello and welcome to The Strategically Unnamed Programming Podcast Unnamed As Such To Prevent Domain Swatting, or SUPPUASTPDS, hosted by me, Farai Gandiya, a chronically unemployed CS graduate with way too much time on his hands. On this podcast, I hope to explore computer bugs, prominent and otherwise. In this inaugural episode, I'll share a couple of benign bugs caused by poorly coded HTML which could cost the respective companies millions in lost (or gained) revenue. Keyword: could. The people who found these bugs needed some clickbait, so they speculated about the potential impacts. So, let's begin!

The first such bug was found by Jason Grigsby, a web developer with hungry parents craving Chipotle. Rushing to pay for lunch before his parents did, Jason hoped to use the autofill feature to fill in the payment details, which resulted in cryptic error messages. He eventually filled in the form before his mother came around with her credit card, earning him more good boy points. With his good boy points, he decided to investigate. He discovered that Chipotle's website was built with Angular, which used the `ui-mask` module to limit the characters that can be entered into the payment form. This prevented the date from being entered properly, since the mask was set up to accept just two characters and ignore any subsequent ones. So entering 2023 would enter 20, ignoring the 23. A rather contrived solution given that HTML5 has built-in validation; relevant here is `maxlength`, which limits the number of characters that can be entered. Autofill is smart enough to realize that it's a year field and use the last two digits of the credit card expiry date… year.

Jason estimates that Chipotle will miss out on $4.4 million a year from this missing attribute. Given 1 million transactions a week and 0.05% of people who might run away due to the faulty form, that results in 5,000 users abandoning their order. With an average purchase of $17 an order, that results in $85,000 a week, which becomes $4.4 million over 52 weeks, a year. It should probably be slightly more, at $4,435,178.57, given that there are actually 52.17857142857143 weeks in a year. Slightly more due to the earth's rotation, tides and whatnot. All because of a missing `maxlength=2`.

That successful clickbait inspired more clickbait. Adrian Roselli, an accessibility expert, used it as an opportunity to make the business case for accessibility. He recalls a time when he was trying to fund a project on Indiegogo only to be met with a screen reader message "edit on autocomplete" and for autocomplete to be impossible since the form's `
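The expiry-year bug described in the Chipotle story, shown as an added example (this is my own illustration, not code from the podcast, from Jason Grigsby, or from Chipotle's site). It contrasts a fixed-width mask that keeps the first two characters of whatever is typed or autofilled, with a normaliser that accepts a two- or four-digit year and derives the two digits a card form actually needs. The function names, the 20-year validity window and the markup constant are my assumptions; `autocomplete="cc-exp-year"` and `maxlength` are standard HTML attributes.

```javascript
// Added example, not from the episode or from Chipotle's code. Shows why a
// fixed-width mask breaks autofill and how a normaliser handles the same input.

// Mimics a two-character mask as described in the episode: keep only the first
// two digits and silently drop the rest, so autofilling "2023" yields "20".
function maskTwoDigits(value) {
  return String(value).replace(/\D/g, "").slice(0, 2);
}

// Defender-side alternative: accept what autofill provides (two or four digits),
// reject anything that is not a plausible expiry year, and return the last two
// digits. Returns null on invalid input instead of guessing.
// `now` is injectable so the check is deterministic in tests.
function normalizeExpiryYear(value, now = new Date()) {
  const digits = String(value).replace(/\D/g, "");
  if (digits.length !== 2 && digits.length !== 4) return null;
  const thisYear = now.getFullYear();
  const century = Math.floor(thisYear / 100) * 100;
  const fullYear = digits.length === 4 ? Number(digits) : century + Number(digits);
  // Already-expired cards and years more than 20 years out are rejected
  // (the 20-year window is an assumed policy, not a standard).
  if (fullYear < thisYear || fullYear > thisYear + 20) return null;
  return String(fullYear % 100).padStart(2, "0");
}

// The plain-HTML approach the episode points to: a maxlength plus an
// autocomplete token so the browser knows this is a two-digit expiry year.
// Assumed markup for illustration, not Chipotle's form.
const EXPIRY_YEAR_FIELD =
  '<input name="exp-year" inputmode="numeric" autocomplete="cc-exp-year" ' +
  'maxlength="2" pattern="\\d{2}" required>';

module.exports = { maskTwoDigits, normalizeExpiryYear, EXPIRY_YEAR_FIELD };
```

The point of the contrast: truncating from the front turns a valid autofilled "2023" into "20", a year the user never meant, whereas normalising keeps the user's intent and rejects expired or implausible values explicitly rather than silently mangling them.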
