Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug]: Editing the Spending Cap value by including symbols such as "-", "+" or "e" activates the Remove Permission screen #28096

Closed
sleepytanya opened this issue Oct 25, 2024 · 0 comments · Fixed by #28192
Closed

[Bug]: Editing the Spending Cap value by including symbols such as "-", "+" or "e" activates the Remove Permission screen #28096

sleepytanya opened this issue Oct 25, 2024 · 0 comments · Fixed by #28192
Assignees
@pedronfigueiredo
Labels
regression-RC-12.6.0 Regression bug that was found in release candidate (RC) for release 12.6.0 release-12.8.0 Issue or pull request that will be included in release 12.8.0 team-confirmations Push issues to confirmations team type-bug

Comments

@sleepytanya
Copy link
Contributor

sleepytanya commented Oct 25, 2024
edited by pnarayanaswamy
Loading

Describe the bug

Editing the Spending Cap value by including symbols such as "-", "+" or "e" activates the Remove Permission screen.

Related: #27672

Expected behavior

  • Symbols should not be allowed in the field

Screenshots/Recordings

removePermission.mov

Steps to reproduce

  1. Go to test dapp
  2. Click Approve tokens
  3. Edit Spending Cap and include symbols

Error messages or log output

No response

Detection stage

During release testing

Version

12.6.0

Build type

None

Browser

Chrome

Operating system

MacOS

Hardware wallet

No response

Additional context

No response

Severity

No response
@sleepytanya sleepytanya added type-bug team-confirmations Push issues to confirmations team regression-RC-12.6.0 Regression bug that was found in release candidate (RC) for release 12.6.0 labels Oct 25, 2024
@github-project-automation github-project-automation bot moved this to To be fixed in Bugs by team Oct 25, 2024
@github-project-automation github-project-automation bot moved this to To be fixed in Bugs by severity Oct 25, 2024
@sleepytanya sleepytanya mentioned this issue Oct 28, 2024
Closed
@pedronfigueiredo pedronfigueiredo self-assigned this Oct 30, 2024
@pedronfigueiredo pedronfigueiredo mentioned this issue Oct 30, 2024
Merged
7 tasks
github-merge-queue bot pushed a commit that referenced this issue Nov 4, 2024
@pedronfigueiredo
fix: Prevent coercing symbols to zero in the edit spending cap modal (#…
49e5e78 
…28192)

<!--
Please submit this PR as a draft initially.
Do not mark it as "Ready for review" until the template has been
completely filled out, and PR status checks have passed at least once.
-->

## **Description**

Since the `TextField` in the "edit spending cap" modal has a type
`TextFieldType.Number`, it already blocks most symbols and letters.
However, it does currently support `+`, `-` and `e` characters as they
can be used to construe numbers.

For example, when a `-` sign is introduced in the input field, the
interim value is coerced to `''`, as there is no numerical equivalent to
the sign by itself. The first part of this fix was to disable the "Save"
button on such cases. If the user wants to revoke the spending cap, they
can introduce `0`, but `''` is not a valid response.

Furthermore, when a valid number is introduced but that uses scientific
notation or `+`/`-` signs, the submission is disabled and a validation
message is shown to the user: "Enter numbers only".

<!--
Write a short description of the changes included in this pull request,
also include relevant motivation and context. Have in mind the following
questions:
1. What is the reason for the change?
2. What is the improvement/solution?
-->

[![Open in GitHub
Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/MetaMask/metamask-extension/pull/28192?quickstart=1)

## **Related issues**

Fixes:
[#28096](#28096)

## **Manual testing steps**

1. Deploy an erc20 token contract in the test DApp
2. Trigger an approve confirmation
3. Attempt to edit the spending cap with -1, 10e10, or any others.
4. You should be prevented from submitting and see the validation
message.

## **Screenshots/Recordings**

<!-- If applicable, add screenshots and/or recordings to visualize the
before and after of your change. -->

### **Before**

<!-- [screenshots/recordings] -->

### **After**

<!-- [screenshots/recordings] -->
<img width="360" alt="Screenshot 2024-10-30 at 17 46 48"
src="https://github.com/user-attachments/assets/1e05da98-e362-45ee-8fd0-a988e853677b">


## **Pre-merge author checklist**

- [ ] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/develop/.github/guidelines/CODING_GUIDELINES.md).
- [ ] I've completed the PR template to the best of my ability
- [ ] I’ve included tests if applicable
- [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [ ] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/develop/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.
@github-project-automation github-project-automation bot moved this from To be fixed to Fixed in Bugs by severity Nov 4, 2024
@github-project-automation github-project-automation bot moved this from To be fixed to Fixed in Bugs by team Nov 4, 2024
@metamaskbot metamaskbot added the release-12.8.0 Issue or pull request that will be included in release 12.8.0 label Nov 4, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@pedronfigueiredo pedronfigueiredo

Labels
regression-RC-12.6.0 Regression bug that was found in release candidate (RC) for release 12.6.0 release-12.8.0 Issue or pull request that will be included in release 12.8.0 team-confirmations Push issues to confirmations team type-bug
Projects
Bugs by severity
Archived in project
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: Prevent coercing symbols to zero in the edit spending cap modal MetaMask/metamask-extension
4 participants
@pedronfigueiredo @metamaskbot @sleepytanya and others