Issues with NumberField on Mozilla Firefox

Which tool versions are you using?

SDK: v13.4.0
Platform: v22.08.6
Python: v3.10.7
Isolation mode: venv
Firefox version: 105.0.1 (64-bit)

Current Behavior

One of our users experiences some problems with numberfields using Mozilla Firefox. It is possible to use either comma’s or points for decimals. Mostly it is very robust, as you cannot do both or repeat a comma or a point → so far so good.

It appears that on Firefox the number is not converted to a float correctly when using a comma. → the value is evaluated as zero. I think this is quite risky because no error is raised! → as far as the user knows everything is well.

→ thankfully in this app it is shown in a visualisation, but imagine if it is used in a calculation.

See screenshot beneath for the behaviour:

Because of this behaviour: We tried some other funky things, could you please DM me about that → not sure if I found a security issue, but at very least I want to let you know, but not into the wide open.

Expected Behavior

I would expect a correct conversion for all browers, or an error raised when something is not correct → or just prevent the comma as input.

sent you a DM about the security concern

1 Like

for other reading this thread: if you want to disclose a possible security problem in the viktor product, please use the procedure outlined here: VIKTOR: Responsible Disclosure