[ic] Massive quantity bug with Certain chrome versions

[Sam Batschelet]

On 08/17/2016 08:17 AM, DB wrote:
>> This is a heads up for those running old Foundation shops, and possibly
>> others (not sure to which other demos this extends).  Specific versions
>> of the Chrome browser (51.0.2704.81 and 51.0.2704.103) on seemingly all
>> platforms (confirmed Windows 10, Android and Linux) seem to have a
>> tendency to want to auto-fill in the user's zip code in the quantity0
>> field of the shopping cart on the single checkout page.  This has the
>> result of customers inadvertently placing orders with five, and nine
>> digit quantities in there, resulting in attempted charges of millions of
>> dollars to their credit cards.
>>
>> The simple fix is to add autocomplete="off" to the quantity input in
>> include/checkout/shopping_cart.  This should also be added to other
>> fields throughout the demo where the browser has no business trying to
>> auto-fill data.
>>
>>
>> Peter
> 
> 
> I have recently seen a couple failed charges for crazy-high dollar
> amounts. Thanks for reporting this!
> 

I have done a fair bit of research on this and a few things to note:

* Chrome does not honor autocomplete=off on the input level.
* But.. "If we encounter an autocomplete attribute that we don't
recognize, we won't try and fill it." ie autocomplete="SkipMePlease" on
the input level.

[reference - read last entry]
https://bugs.chromium.org/p/chromium/issues/detail?id=468153

I hope this helps a few people.

-- 
Warm Regards,

Sam Batschelet
End Point Corporation