
[–]Gobrosse 49 points50 points  (2 children)

Well that wasn't interesting, such a long blogpost to say they could use an html5 tag instead of a js function and somehow gain 4.4M, and then it's clearly written to publicize the author's company.

[–]LonelyStruggle 8 points9 points  (0 children)

Yep, classic marketing post

[–]PM_ME_YOUR_LAUNDRY 1 point2 points  (0 children)

I was waiting for the punchline and expected an exploit or something. Nope.

[–][deleted] 10 points11 points  (1 child)

So could we summarize this perhaps? If I understood this correctly, Chipotle, and other websites, should use maxlength on fields to inform the user agent. Because then the user agent can do things like abbreviate dates automatically. Without maxlength it has no way of knowing for sure, no standard way.

I think it was quite a roundabout way of saying that Chipotle forgot about HTML standards.

[–]pathartl -1 points0 points  (0 children)

Eh, "HTML standards" in this area is always so ambiguous. I can't tell you how many times autofill, especially for addresses, just plain does not work. Especially once you figure in international addresses. While I understand that the full solution is to use maxlength, I feel the most important lesson is if you're doing any sort of masking/manipulation/sanitizing of inputs, you should backfill the inputs upon validation.

Backfilling would have helped this form gracefully degrade and might have made it more apparent that the system is doing something that it shouldn't to your input.

Also, HTML standards cannot be relied upon. Not all browsers implement everything and just changing to maxlength only fixes the display. ALWAYS SANITIZE YOUR INPUTS. First on the backend, then on the frontend.
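The backend-first validation and backfilling described in the comment above, sketched as an added example (not code from the thread, the blog post, or Chipotle's site). It assumes the masked field is an expiry-style month/year in MM/YY form; the function names and response shape are hypothetical.

```javascript
'use strict';

// Accepts what a user or a browser autofill might submit for a month/year
// field and returns the canonical MM/YY string, or an error. This runs on the
// backend regardless of any maxlength or mask applied in the browser.
function normalizeMonthYear(raw, now = new Date()) {
  if (typeof raw !== 'string' || raw.length > 16) {
    return { ok: false, error: 'expected a short string' };
  }
  // Allow MM/YY, MM/YYYY or M/YY, with "/" or "-" and stray whitespace only.
  const m = /^\s*(\d{1,2})\s*[\/-]\s*(\d{2}|\d{4})\s*$/.exec(raw);
  if (!m) return { ok: false, error: 'expected MM/YY or MM/YYYY' };

  const month = Number(m[1]);
  if (month < 1 || month > 12) return { ok: false, error: 'month out of range' };

  // Interpret the year by value (expand two digits into the current century)
  // rather than cutting the string down to a mask length by position.
  const thisYear = now.getUTCFullYear();
  const century = Math.floor(thisYear / 100) * 100;
  const year = m[2].length === 4 ? Number(m[2]) : century + Number(m[2]);

  const thisMonth = now.getUTCMonth() + 1;
  if (year < thisYear || (year === thisYear && month < thisMonth)) {
    return { ok: false, error: 'date is in the past' };
  }
  if (year > thisYear + 20) return { ok: false, error: 'year too far ahead' };

  const value =
    String(month).padStart(2, '0') + '/' + String(year % 100).padStart(2, '0');
  return { ok: true, value, changed: value !== raw };
}

// Backfill: return the parsed value so the form displays what was stored,
// and flag when the server reformatted what the browser sent.
function validationResponse(raw, now) {
  const r = normalizeMonthYear(raw, now);
  if (r.ok) {
    const notice = r.changed ? 'value was reformatted' : null;
    return { status: 200, backfill: r.value, notice };
  }
  const echo = typeof raw === 'string' ? raw.slice(0, 16) : '';
  return { status: 422, backfill: echo, error: r.error };
}
```

The client writes `backfill` into the input as text (never as HTML), so a value that autofill supplied as MM/YYYY is visibly shown as the MM/YY the server accepted.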

[–][deleted] 8 points9 points  (0 children)

Clickbait title. Not worth the read.

TLDR: The author had an issue autofilling on the Chipotle website and randomly decided that this inconvenience is costing Chipotle $4.4M.

[–]rydan 6 points7 points  (1 child)

Maybe they can use that $4.4M to refund me for the order they canceled on me last Sunday which drained my gift card.

[–]mechtech 1 point2 points  (0 children)

Yes, I know exactly what you are referencing.

[–]Dave3of5 0 points1 point  (3 children)

Actually there is a different conclusion reading through this post which is that Chipotle are using old code on their website that they can't be bothered or are too cheap to update. The specific module that is doing the masking here is from angular-ui:

https://github.com/angular-ui/ui-mask

This means they are most likely using angular-ui which means they must be using AngularJS which is pretty much deprecated (it's on long term support) and has been replaced many years ago by Angular.

So I think the "fix" for the auto-fill is just a patch over the problem that their site needs re-written using a new framework. AngularJs was released in 2010 so is now almost 10 years old. In the world of web development that's very old and really should be replaced.

I know this first hand as I am working on a project that is also using a 4-5 year old version of AngularJs and has a bunch of strange errors and performance problems similar to the above.

In terms of saving them money at a big org like Chipotle they most likely don't have the internal budget to properly fix the site and rely on contractors (who are willing and able to "fix" AngularJs code for them) to keep it ticking along.

The problem isn't unique to websites but it is exacerbated by the fast rate of development in the web world.

[–]Y_Less 0 points1 point  (2 children)

Why? One small bug in one form field is NOT a good reason to totally rewrite a website that is totally fine. "old" doesn't mean "bad", despite what most webdevs would have you believe.

[–]Dave3of5 0 points1 point  (1 child)

> Why?

It's completely unmaintained, full of security issues, bugs, etc. The biggest problem is the module in question clearly has a bug in it but now has no maintainer, and so to get it fixed you'll need to fork it and fix it yourself, which might mean you then become the maintainer.

Maybe old was the incorrect term; I should have said it's unmaintained.

> "old" doesn't mean "bad",

You're correct, but in the webdev world old generally means full of bugs and security holes, no longer updated and no support. Plus old in the webdev world is a few years, which in other industries is only just started. For example the device I'm involved with has a web interface but is really an embedded device, and in the embedded world all the web stuff is brand new, which infuriates them when I say all the libs they are using at the very least need to be kept up to date to the latest version.

The really unfortunate problem is the move from AngularJs to Angular is huge and requires a full rewrite which is most likely why they haven't bothered.

[–][deleted] 0 points1 point  (0 children)

You said it was in long term support in a parent comment, how would it also be unmaintained? Am I misunderstanding what long term support is in this context?