Gracefully handle malformed currency codes instead of crashing by mountiny · Pull Request #91114 · Expensify/App

mountiny · 2026-05-19T19:01:53Z

Explanation of Change

When a workspace policy or transaction has an invalid/malformed currency code stored in the backend, Intl.NumberFormat throws a RangeError: Malformed currency code that crashes the entire expense amount entry screen. This has been occurring since Feb 28, 2026 — 632 occurrences across 210 users (Sentry APP-6MR).

Crash path:

MoneyRequestAmountInput
  → getLocalizedCurrencySymbol (CurrencyUtils.ts)
    → formatToParts (NumberFormatUtils/index.ts)
      → new Intl.NumberFormat(locale, { style: 'currency', currency: <invalid> })
        → RangeError: Malformed currency code

Two-layer fix:

sanitizeCurrencyCode in CurrencyUtils.ts — validates the currency format (ISO 4217 = exactly 3 uppercase ASCII letters) and returns CONST.CURRENCY.USD with a Log.warn when invalid. Applied in all functions that pass a currency to Intl.NumberFormat: getLocalizedCurrencySymbol, convertToDisplayString, convertToDisplayStringWithoutCurrency, convertToShortDisplayString, convertAmountToDisplayString.
Try/catch safety net in NumberFormatUtils/index.ts — catches any RangeError from Intl.NumberFormat with a bad currency option that slips past layer 1, retries with USD, and logs a warning. This protects all current and future callers.

Also sanitized currency in TotalCell.tsx before its direct formatToParts call.

The backend root cause (malformed currency code stored in a policy or transaction) should be addressed separately.

Fixed Issues

$ #91113
PROPOSAL:

Tests

Verify that no errors appear in the JS console
Supportal to the account of this user https://github.com/Expensify/Expensify/issues/638330 and make sure you can access the spend page just fine

Offline tests

No offline-specific behavior changed.

QA Steps

Same as tests

PR Author Checklist

Screenshots/Videos

Android: Native

Android: mWeb Chrome

iOS: Native

iOS: mWeb Safari

MacOS: Chrome / Safari

When a workspace policy or transaction has an invalid currency code stored in the backend, Intl.NumberFormat throws a RangeError that crashes the expense amount screen. Add two-layer protection: 1. sanitizeCurrencyCode helper in CurrencyUtils.ts: validates the format (ISO 4217 = exactly 3 uppercase ASCII letters) and falls back to USD with a Log.warn when the code is malformed. Applied in getLocalizedCurrencySymbol, convertToDisplayString, convertToDisplayStringWithoutCurrency, convertToShortDisplayString, and convertAmountToDisplayString. 2. try/catch safety net in NumberFormatUtils/index.ts: catches any RangeError from Intl.NumberFormat caused by a bad currency option that slips past layer 1, retries with USD, and logs a warning. Also sanitizes currency in TotalCell.tsx before its direct formatToParts call. Fixes #91113 Co-authored-by: Cursor <cursoragent@cursor.com>

mountiny · 2026-05-19T19:16:29Z

@codex review

chatgpt-codex-connector · 2026-05-19T19:19:25Z

Codex Review: Didn't find any major issues. Can't wait for the next one!

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

Open a pull request for review
Mark a draft as ready
Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

Copilot

Pull request overview

Addresses a production crash caused by malformed currency codes reaching Intl.NumberFormat by sanitizing inputs and adding a defensive fallback in number-formatting utilities.

Changes:

Added sanitizeCurrencyCode() to validate (and fallback) currency codes before formatting.
Wrapped Intl.NumberFormat usage in NumberFormatUtils with a RangeError catch + USD retry.
Sanitized currency prior to a direct formatToParts usage in TotalCell.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 6 comments.

File	Description
src/libs/NumberFormatUtils/index.ts	Adds try/catch fallback around `Intl.NumberFormat` formatting/parts generation and logs warnings on malformed currency input.
src/libs/CurrencyUtils.ts	Introduces `sanitizeCurrencyCode` and applies it to currency-formatting helpers to prevent `Intl.NumberFormat` crashes.
src/components/TransactionItemRow/DataCells/TotalCell.tsx	Sanitizes currency before calling `formatToParts` directly to avoid crashes in the transaction total cell.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

…currency - Use relative './Log' / '@libs/Log' instead of '@src/libs/Log' to satisfy @dword-design/import-alias/prefer-alias rule for files inside src/libs. - Extract isValidCurrencyCode helper from sanitizeCurrencyCode in CurrencyUtils.ts and export it for callers that need to gate behavior on currency validity rather than transparently fall back to USD. - Use isValidCurrencyCode in Formula.formatAmount to keep the original semantic of returning an empty string (which surfaces the formula placeholder upstream) when the source or display currency is malformed, instead of silently formatting as USD. Restores the 'invalid source currency - should return placeholder' Jest expectation in FormulaTest that previously relied on Intl.NumberFormat throwing. Co-authored-by: Cursor <cursoragent@cursor.com>

- Normalize whitespace + case before validating in sanitizeCurrencyCode so common backend malformations like 'eur' and ' USD ' display the intended currency instead of incorrectly falling back to USD. - Throttle the invalid-currency Log.warn to fire at most once per unique malformed value using a module-level Set, avoiding log spam on hot paths like getLocalizedCurrencySymbol. - Loosen sanitizeCurrencyCode/isValidCurrencyCode parameter typing to unknown so non-string inputs from JS callers are handled safely without unsafe-type lint errors. - Use 'currency' in options (instead of truthiness) in the NumberFormatUtils try/catch fallback so Intl.NumberFormat throws triggered by an empty-string currency are still recovered to USD. - Add unit tests for isValidCurrencyCode, sanitizeCurrencyCode, and the malformed-currency behavior of convertToDisplayString and getLocalizedCurrencySymbol. Co-authored-by: Cursor <cursoragent@cursor.com>

codecov · 2026-05-19T19:50:37Z

Codecov Report

❌ Looks like you've decreased code coverage for some files. Please write tests to increase, or at least maintain, the existing level of code coverage. See our documentation here for how to interpret this table.

Files with missing lines	Coverage Δ
...ponents/TransactionItemRow/DataCells/TotalCell.tsx	`78.68% <100.00%> (+0.35%)`	⬆️
src/libs/CurrencyUtils.ts	`100.00% <100.00%> (+5.66%)`	⬆️
src/libs/NumberFormatUtils/index.ts	`100.00% <100.00%> (ø)`
src/components/Search/SearchChartView.tsx	`4.34% <0.00%> (ø)`
src/libs/Formula.ts	`87.19% <75.00%> (-0.57%)`	⬇️
...c/components/CurrencyListContextProvider/index.tsx	`81.25% <50.00%> (-3.60%)`	⬇️
... and 105 files with indirect coverage changes

Co-authored-by: Cursor <cursoragent@cursor.com>

github-actions · 2026-05-20T11:43:25Z

🚧 @mountiny has triggered a test Expensify/App build. You can view the workflow run here.

CurrencyUtilsTest additions: - isValidCurrencyCode: non-string inputs (number, boolean, object, array). - sanitizeCurrencyCode: whitespace/case normalization edge cases (tab/newline/internal-spaces, mixed case), explicit non-string inputs, log throttling (warn fires once per unique malformed value), and no-warn assertion when normalization recovers a valid code. - convertToShortDisplayString, convertAmountToDisplayString, and convertToDisplayStringWithoutCurrency now have malformed-currency fallback coverage matching convertToDisplayString. - convertToDisplayString: covers the shouldUseLocalCurrencySymbol branch with a malformed currency, and the undefined currency default path. New NumberFormatUtilsTest covers the try/catch safety net directly: - format/formatToParts succeed for valid currencies without warning. - format/formatToParts fall back to USD without throwing for malformed currencies (including the empty-string case via the 'currency' in options guard). - format/formatToParts do not swallow RangeErrors when the failing option is not currency (e.g. an unknown unit), preserving normal error propagation for unrelated bugs. - Verifies Intl's native case-insensitive handling of lowercase ISO codes ('usd') does not trigger the fallback path. Co-authored-by: Cursor <cursoragent@cursor.com>

mountiny · 2026-05-20T11:56:53Z

Tested in the Adhoc and I can supportal to this customer account and access the page, they have one unreported expense which looks like has no currency set

melvin-bot · 2026-05-20T13:36:16Z

@FitseTLT Please copy/paste the Reviewer Checklist from here into a new comment on this PR and complete it. If you have the K2 extension, you can simply click: [this button]

- Extract createFormatter helper in NumberFormatUtils/index.ts so format and formatToParts share a single try/catch + USD fallback path (addresses the CONSISTENCY-3 bot review on discussion_r3274381328). - Apply sanitizeCurrencyCode to the two remaining direct callers that bypassed layer-1 validation: the convertToDisplayString and convertToDisplayStringWithoutCurrency closures in CurrencyListContextProvider, and the formatToParts call in SearchChartView. These previously only had the anonymous layer-2 catch as a safety net and missed normalization (e.g. 'eur' rendering as USD). - Add resetInvalidCurrencyWarningsForTesting in CurrencyUtils.ts so Log.warn-asserting tests can clear the module-level throttle Set in beforeEach instead of relying on globally-unique fixture strings. - Add a cross-helper throttle test asserting the shared Set deduplicates warnings across convertToDisplayString, getLocalizedCurrencySymbol, and convertToShortDisplayString for the same malformed code. - Add malformed-currency test matrix for convertToDisplayStringWithExplicitCurrency, including the falsy branch that delegates to convertToDisplayStringWithoutCurrency. Co-authored-by: Cursor <cursoragent@cursor.com>

FitseTLT · 2026-05-20T14:04:33Z

Is this ready for review?

mountiny · 2026-05-20T14:16:38Z

@FitseTLT Yes, can you work on the checklist please? thank you

chatgpt-codex-connector

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 8f88c5d14c

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

Open a pull request for review
Mark a draft as ready
Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

FitseTLT · 2026-05-20T21:19:29Z

Reviewer Checklist

I have verified the author checklist is complete (all boxes are checked off).
I verified the correct issue is linked in the ### Fixed Issues section above
I verified testing steps are clear and they cover the changes made in this PR
- I verified the steps for local testing are in the Tests section
- I verified the steps for Staging and/or Production testing are in the QA steps section
- I verified the steps cover any possible failure scenarios (i.e. verify an input displays the correct error message if the entered data is not correct)
- I turned off my network connection and tested it while offline to ensure it matches the expected behavior (i.e. verify the default avatar icon is displayed if app is offline)
I checked that screenshots or videos are included for tests on all platforms
I included screenshots or videos for tests on all platforms
I verified that the composer does not automatically focus or open the keyboard on mobile unless explicitly intended. This includes checking that returning the app from the background does not unexpectedly open the keyboard.
I verified tests pass on all platforms & I tested again on:
- Android: HybridApp
- Android: mWeb Chrome
- iOS: HybridApp
- iOS: mWeb Safari
- MacOS: Chrome / Safari
If there are any errors in the console that are unrelated to this PR, I either fixed them (preferred) or linked to where I reported them in Slack
I verified there are no new alerts related to the canBeMissing param for useOnyx
I verified proper code patterns were followed (see Reviewing the code)
- I verified that any callback methods that were added or modified are named for what the method does and never what callback they handle (i.e. toggleReport and not onIconClick).
- I verified that comments were added to code that is not self explanatory
- I verified that any new or modified comments were clear, correct English, and explained "why" the code was doing something instead of only explaining "what" the code was doing.
- I verified any copy / text shown in the product is localized by adding it to src/languages/* files and using the translation method
- I verified all numbers, amounts, dates and phone numbers shown in the product are using the localization methods
- I verified any copy / text that was added to the app is grammatically correct in English. It adheres to proper capitalization guidelines (note: only the first word of header/labels should be capitalized), and is either coming verbatim from figma or has been approved by marketing (in order to get marketing approval, ask the Bug Zero team member to add the Waiting for copy label to the issue)
- I verified proper file naming conventions were followed for any new files or renamed files. All non-platform specific files are named after what they export and are not named "index.js". All platform-specific files are named for the platform the code supports as outlined in the README.
- I verified the JSDocs style guidelines (in STYLE.md) were followed
If a new code pattern is added I verified it was agreed to be used by multiple Expensify engineers
I verified that this PR follows the guidelines as stated in the Review Guidelines
I verified other components that can be impacted by these changes have been tested, and I retested again (i.e. if the PR modifies a shared library or component like Avatar, I verified the components using Avatar have been tested & I retested again)
I verified all code is DRY (the PR doesn't include any logic written more than once, with the exception of tests)
I verified any variables that can be defined as constants (ie. in CONST.ts or at the top of the file that uses the constant) are defined as such
If a new component is created I verified that:
- A similar component doesn't exist in the codebase
- All props are defined accurately and each prop has a /** comment above it */
- The file is named correctly
- The component has a clear name that is non-ambiguous and the purpose of the component can be inferred from the name alone
- The only data being stored in the state is data necessary for rendering and nothing else
- For Class Components, any internal methods passed to components event handlers are bound to this properly so there are no scoping issues (i.e. for onClick={this.submit} the method this.submit should be bound to this in the constructor)
- Any internal methods bound to this are necessary to be bound (i.e. avoid this.submit = this.submit.bind(this); if this.submit is never passed to a component event handler like onClick)
- All JSX used for rendering exists in the render method
- The component has the minimum amount of code necessary for its purpose, and it is broken down into smaller components in order to separate concerns and functions
If any new file was added I verified that:
- The file has a description of what it does and/or why is needed at the top of the file if the code is not self explanatory
If a new CSS style is added I verified that:
- A similar style doesn't already exist
- The style can't be created with an existing StyleUtils function (i.e. StyleUtils.getBackgroundAndBorderStyle(theme.componentBG)
If the PR modifies code that runs when editing or sending messages, I tested and verified there is no unexpected behavior for all supported markdown - URLs, single line code, code blocks, quotes, headings, bold, strikethrough, and italic.
If the PR modifies a generic component, I tested and verified that those changes do not break usages of that component in the rest of the App (i.e. if a shared library or component like Avatar is modified, I verified that Avatar is working as expected in all cases)
If the PR modifies a component related to any of the existing Storybook stories, I tested and verified all stories for that component are still working as expected.
If the PR modifies a component or page that can be accessed by a direct deeplink, I verified that the code functions as expected when the deeplink is used - from a logged in and logged out account.
[ x If the PR modifies the UI (e.g. new buttons, new UI components, changing the padding/spacing/sizing, moving components, etc) or modifies the form input styles:
- I verified that all the inputs inside a form are aligned with each other.
- I added Design label and/or tagged @Expensify/design so the design team can review the changes.
If a new page is added, I verified it's using the ScrollView component to make it scrollable when more elements are added to the page.
For any bug fix or new feature in this PR, I verified that sufficient unit tests are included to prevent regressions in this flow.
If the main branch was merged into this PR after a review, I tested again and verified the outcome was still expected according to the Test steps.
I have checked off every checkbox in the PR reviewer checklist, including those that don't apply to this PR.

Screenshots/Videos

Android: HybridApp

Android: mWeb Chrome

2026-05-21.00-05-07.mp4

iOS: HybridApp

2026-05-21.00-17-11.mp4

iOS: mWeb Safari

2026-05-21.00-02-26.mp4

MacOS: Chrome / Safari

2026-05-20.23-58-10.mp4

FitseTLT · 2026-05-20T16:57:09Z


    const firstItem = data.at(0);
-    const currency = firstItem?.currency ?? 'USD';
+    const currency = sanitizeCurrencyCode(firstItem?.currency ?? 'USD');


It would be nice to replace literal USD with const value.

FitseTLT · 2026-05-20T17:01:11Z

+/**
+ * Build an Intl.NumberFormat with a USD fallback for malformed currency codes.
+ * Intl throws RangeError for empty/malformed currency values; check presence of the option (not truthiness)
+ * so we still recover when currency is '' rather than rethrowing and crashing the screen.


I think you need to fix the comment around "when currency is ''"

FitseTLT · 2026-05-20T21:47:51Z

+        if (e instanceof RangeError && options && 'currency' in options) {
+            Log.warn('NumberFormatUtils: malformed currency code, falling back to USD', {currency: options.currency});


Should we not track malformed currencies here to avoid duplicate warning?

trjExpensify

I've seen this be reported three times today. 👍

github-actions · 2026-05-21T01:19:22Z


    const firstItem = data.at(0);
-    const currency = firstItem?.currency ?? 'USD';
+    const currency = sanitizeCurrencyCode(firstItem?.currency ?? 'USD');


❌ CONSISTENCY-2 (docs)

The string literal 'USD' is used as a fallback currency code, but the constant CONST.CURRENCY.USD is already available and imported in this file (line 9). Using the named constant improves readability and ensures consistency if the default currency value ever changes.

Replace the magic string with the existing constant:

const currency = sanitizeCurrencyCode(firstItem?.currency ?? CONST.CURRENCY.USD);

Reviewed at: 8f88c5d | Please rate this suggestion with 👍 or 👎 to help us improve! Reactions are used to monitor reviewer efficiency.

melvin-bot Bot assigned mountiny May 19, 2026

mountiny requested a review from Copilot May 19, 2026 19:16

Copilot started reviewing on behalf of mountiny May 19, 2026 19:17 View session

Copilot AI reviewed May 19, 2026

View reviewed changes

Comment thread src/libs/NumberFormatUtils/index.ts

Comment thread src/libs/CurrencyUtils.ts

Comment thread src/libs/CurrencyUtils.ts Outdated

Comment thread src/libs/NumberFormatUtils/index.ts Outdated

Comment thread src/libs/CurrencyUtils.ts Outdated

Comment thread src/libs/CurrencyUtils.ts

mountiny and others added 2 commits May 19, 2026 21:28

Fix cspell: replace USDX with USDD in test fixtures

14eea65

Co-authored-by: Cursor <cursoragent@cursor.com>

mountiny added the InternalQA This pull request required internal QA label May 20, 2026

mountiny marked this pull request as ready for review May 20, 2026 13:36

mountiny requested review from a team as code owners May 20, 2026 13:36

melvin-bot Bot requested review from FitseTLT and trjExpensify and removed request for a team May 20, 2026 13:36

github-actions Bot reviewed May 20, 2026

View reviewed changes

Comment thread src/libs/NumberFormatUtils/index.ts Outdated

chatgpt-codex-connector Bot reviewed May 20, 2026

View reviewed changes

Comment thread src/libs/Formula.ts

FitseTLT reviewed May 20, 2026

View reviewed changes

trjExpensify approved these changes May 21, 2026

View reviewed changes

github-actions Bot reviewed May 21, 2026

View reviewed changes

		if (e instanceof RangeError && options && 'currency' in options) {
		Log.warn('NumberFormatUtils: malformed currency code, falling back to USD', {currency: options.currency});

Conversation

mountiny commented May 19, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Explanation of Change

Fixed Issues

Tests

Offline tests

QA Steps

PR Author Checklist

Screenshots/Videos

Uh oh!

mountiny commented May 19, 2026

Uh oh!

chatgpt-codex-connector Bot commented May 19, 2026

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull request overview

Reviewed changes

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

codecov Bot commented May 19, 2026 • edited by github-actions Bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

github-actions Bot commented May 20, 2026

Uh oh!

mountiny commented May 20, 2026

Uh oh!

melvin-bot Bot commented May 20, 2026

Uh oh!

Uh oh!

FitseTLT commented May 20, 2026

Uh oh!

mountiny commented May 20, 2026

Uh oh!

chatgpt-codex-connector Bot left a comment

Choose a reason for hiding this comment

💡 Codex Review

Uh oh!

Uh oh!

FitseTLT commented May 20, 2026

Reviewer Checklist

Screenshots/Videos

Uh oh!

FitseTLT May 20, 2026

Choose a reason for hiding this comment

Uh oh!

FitseTLT May 20, 2026

Choose a reason for hiding this comment

Uh oh!

FitseTLT May 20, 2026

Choose a reason for hiding this comment

Uh oh!

trjExpensify left a comment

Choose a reason for hiding this comment

Uh oh!

github-actions Bot May 21, 2026

Choose a reason for hiding this comment

❌ CONSISTENCY-2 (docs)

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

mountiny commented May 19, 2026 •

edited

Loading

codecov Bot commented May 19, 2026 •

edited by github-actions Bot

Loading