diff --git a/app/routes/contributions.js b/app/routes/contributions.js
index 14327c9e..a31b8ed4 100644
--- a/app/routes/contributions.js
+++ b/app/routes/contributions.js
@@ -21,9 +21,9 @@ function ContributionsHandler (db) {
 /*jslint evil: true */
 // Insecure use of eval() to parse inputs
- const preTax = eval(req.body.preTax);
- const afterTax = eval(req.body.afterTax);
- const roth = eval(req.body.roth);
+ const preTax = parseInt(req.body.preTax, 10);
+ const afterTax = parseInt(req.body.afterTax, 10);
+ const roth = parseInt(req.body.roth, 10);
 /*
 //Fix for A1 -1 SSJS Injection attacks - uses alternate method to eval
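Review bot: The three new `parseInt(..., 10)` lines remove the code-execution path but still accept unvalidated request data: a missing or non-numeric `req.body.preTax` becomes `NaN`, a value like `"12abc"` silently becomes `12`, and negative amounts pass through, so unless validation further down the handler (outside this hunk) rejects those cases, the parsed values should be checked before use, e.g. `if ([preTax, afterTax, roth].some((v) => !Number.isInteger(v) || v < 0)) { /* reject request with a 400 */ }`. The two context comments above the change, `/*jslint evil: true */` and `// Insecure use of eval() to parse inputs`, describe the removed `eval` and now mislead; replace them with `// Parse contribution percentages as base-10 integers (no eval on request input)` and drop the jslint directive. The enclosing handler function begins and ends outside the hunk.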