From 380c86274cfb967697d38b82847e5c0301b0d935 Mon Sep 17 00:00:00 2001 From: "Michael[tm] Smith" Date: Fri, 16 Sep 2016 13:51:11 +0900 Subject: [PATCH 1/4] Make UAs throw for invalid monetary amounts --- index.html | 40 +++++++++++++++++++++++++++++++++++----- 1 file changed, 35 insertions(+), 5 deletions(-) diff --git a/index.html b/index.html index 23f6311e..3ef2f97f 100644 --- a/index.html +++ b/index.html @@ -386,10 +386,24 @@

PaymentRequest constructor

If details does not contain a value for total, then throw a TypeError. +
  • + If details.total.amount.value is not a valid decimal monetary value, then throw a + TypeError. +
  • If the first character of details.total.amount.value is U+002D HYPHEN-MINUS, then throw a TypeError. total MUST be a non-negative amount.
    • +
  • + If the details.displayItems sequence contains any PaymentItem + objects with an amount that is not a valid decimal monetary value, then throw a + TypeError. +
    • +
  • + If the details.shippingOptions sequence contains any PaymentShippingOption + objects with an amount that is not a valid decimal monetary value, then throw a + TypeError. +
  • If a payment method identifier appears more than once in the methodData or details.modifiers sequences, then throw a TypeError. @@ -398,11 +412,21 @@

    PaymentRequest constructor

    For each PaymentMethodData in methodData, if the data field is supplied but is not a JSON-serializable object, then throw a TypeError.
    • +
  • + For each PaymentDetailsModifier in details.modifiers, if the total field + is supplied and is not a valid decimal monetary value, then throw a TypeError. +
  • For each PaymentDetailsModifier in details.modifiers, if the total field is supplied and the first character of total.amount.value is U+002D HYPHEN-MINUS, then throw a TypeError. total MUST be a non-negative amount.
    • +
  • + For each PaymentDetailsModifier in details.modifiers, if the + additionalDisplayItems sequence contains any PaymentItem + objects with an amount that is not a valid decimal monetary value, then throw a + TypeError. +
  • Let request be a new PaymentRequest.
  • Store methodData into request@[[\methodData]]. @@ -648,12 +672,18 @@

    PaymentCurrencyAmount

    value
    - A string containing the decimal monetary value. If a decimal separator is needed, then the string - MUST use a single U+002E FULL STOP character as the decimal separator. The string MUST begin - with a single U+002D HYPHEN-MINUS character if the value is negative. All other characters must - be characters in the range U+0030 DIGIT ZERO (0) to U+0039 DIGIT NINE (9). + A valid decimal monetary value containing a monetary amount. A string is a valid + decimal monetary value if it consists of the following components in the given order: +
      +
    1. Optionally, a single U+002D HYPHEN-MINUS character (-), to indicate that the amount is + negative
      2. +
    2. One or more characters in the range U+0030 DIGIT ZERO (0) to U+0039 DIGIT NINE (9)
      3. +
    3. Optionally, a single U+002E FULL STOP character (.) followed by one or more characters in + the range U+0030 DIGIT ZERO (0) to U+0039 DIGIT NINE (9)
      4. +
    - The string should match the regular expression ^-?[0-9]+(\.[0-9]+)?$. + The following regular expression is an implementation of the above definition. + 
    ^-?[0-9]+(\.[0-9]+)?$
    From 03582c902aac2c828d5fe4aa318b943550da3892 Mon Sep 17 00:00:00 2001 From: Ade Bateman Date: Fri, 16 Sep 2016 14:05:17 -0700 Subject: [PATCH 2/4] Update the updateWith algorithm to ignore values that are not valid decimal monetary values. --- index.html | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/index.html b/index.html index 0886137b..fcbb9817 100644 --- a/index.html +++ b/index.html @@ -404,10 +404,6 @@

    PaymentRequest constructor

    objects with an amount that is not a valid decimal monetary value, then throw a TypeError.
    • -
  • - If a payment method identifier appears more than once in the methodData - or details.modifiers sequences, then throw a TypeError. -
  • If details contains a value for error, then throw a TypeError. @@ -1227,14 +1223,18 @@

    updateWith()

    PaymentDetails dictionary, then:
    1. - If details contains a total value and the first character of + If details contains a total value and total.amount.value + is a valid decimal monetary value and the first character of total.amount.value is NOT U+002D HYPHEN-MINUS, then copy total value to the total field of target@[[\details]] (total MUST be a non-negative amount).
    2. - If details contains a displayItems value, then copy - this value to the displayItems field of target@[[\details]]. + If details contains a displayItems value and every + PaymentItem in the displayItems has an + amount.value containing a valid decimal monetary value, + then copy details.displayItems to the displayItems + field of target@[[\details]].
    3. If details contains a modifiers value, then copy @@ -1245,7 +1245,9 @@

      updateWith()

      1. If the details.shippingOptions sequence contains multiple - PaymentShippingOption objects that have the same id, + PaymentShippingOption objects that have the same id + or if any PaymentShippingOption has an amount.value + that is not a valid decimal monetary value, then set the shippingOptions field of request@[[\details]] to an empty sequence. Otherwise copy the shippingOptions sequence from details to the From dc7d92edaaacd2e4faa91859958526101aa2f82d Mon Sep 17 00:00:00 2001 From: Ade Bateman Date: Fri, 16 Sep 2016 14:15:57 -0700 Subject: [PATCH 3/4] Ensure that modifiers contains valid decimal monetary value in updateWith --- index.html | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/index.html b/index.html index fcbb9817..3a5d38e2 100644 --- a/index.html +++ b/index.html @@ -1237,8 +1237,18 @@

        updateWith()

        field of target@[[\details]].
      2. - If details contains a modifiers value, then copy - this value to the modifiers field of target@[[\details]]. + If details contains a modifiers value, then: +
          +
        1. Let modifiers be the sequence details.modifiers.
          2. +
        2. For each PaymentDetailsModifier in modifiers, if the + total field is supplied and is not a valid decimal monetary value, + then set modifiers to an empty sequence.
          3. +
        3. For each PaymentDetailsModifier in modifiers, if the + additionalDisplayItems sequence contains any PaymentItem + objects with an amount that is not a valid decimal monetary value, + then set modifiers to an empty sequence.
          4. +
        4. Copy modifiers to the modifiers field of target@[[\details]].
          5. +
      3. If details contains a shippingOptions sequence, then: From aec48cce70c3510b460f945467c6162e8503a09e Mon Sep 17 00:00:00 2001 From: Ade Bateman Date: Fri, 16 Sep 2016 14:20:50 -0700 Subject: [PATCH 4/4] Simplify the description of the updateWith algorithm for shipping options --- index.html | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/index.html b/index.html index 3a5d38e2..adba0af0 100644 --- a/index.html +++ b/index.html @@ -1253,15 +1253,18 @@

        updateWith()

      4. If details contains a shippingOptions sequence, then:
          +
        1. Let shippingOptions be the sequence details.shippingOptions.
        2. - If the details.shippingOptions sequence contains multiple - PaymentShippingOption objects that have the same id - or if any PaymentShippingOption has an amount.value - that is not a valid decimal monetary value, - then set the shippingOptions field of request@[[\details]] - to an empty sequence. - Otherwise copy the shippingOptions sequence from details to the - shippingOptions field of target@[[\details]]. + If the shippingOptions sequence contains multiple + PaymentShippingOption objects that have the same id, + then set shippingOptions to the empty sequence.
          3. +
        3. + If the shippingOptions sequence contains a PaymentShippingOption + that has an amount.value that is not a valid decimal monetary value, + then set shippingOptions to the empty sequence.
          4. +
        4. + Copy shippingOptions to the shippingOptions field of + target@[[\details]].
        5. Let newOption be null.