From 7136809e8c1c5a2509b61f166987787ed64e9716 Mon Sep 17 00:00:00 2001
From: gregory-legit <80197400+gregory-legit@users.noreply.github.com>
Date: Sun, 21 Sep 2025 14:18:25 +0300
Subject: [PATCH] [LEGIT] Fix - js/code-injection

---
 app/routes/contributions.js | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/app/routes/contributions.js b/app/routes/contributions.js
index 14327c9e..a31b8ed4 100644
--- a/app/routes/contributions.js
+++ b/app/routes/contributions.js
@@ -21,9 +21,9 @@ function ContributionsHandler (db) {
 /*jslint evil: true */
 // Insecure use of eval() to parse inputs
- const preTax = eval(req.body.preTax);
- const afterTax = eval(req.body.afterTax);
- const roth = eval(req.body.roth);
+ const preTax = parseInt(req.body.preTax, 10);
+ const afterTax = parseInt(req.body.afterTax, 10);
+ const roth = parseInt(req.body.roth, 10);
 /*
 //Fix for A1 -1 SSJS Injection attacks - uses alternate method to eval