• eTransfer msg section, pretty lame

    From Ogg@CAPCITY2 to All on Tue Nov 16 18:52:00 2021
    An eTransfer typically allows for entering a short message of
    up to 400 chars. For a recent eTransfer, I found it important
    to enter something to reference the billing statement that I am
    paying for. My typical message was something like this:

    This payment is for the "60-90 days" portion of the
    statement dated 11/15/21.

    But that triggered an error message:

    "There appears to be an error! All errors must be corrected
    before continuing."

    Please enter a valid message. It must not exceed 400
    characters and contain only letters, numbers, and the
    characters . ! @ / ; : , ' = $ ^ ? * ( ). It must not
    contain the words http:, https:, www., javascript,
    function, return.

    In this case it seemed that the quote char and the dash was not
    on the allowed list. Now, I'm just wondering WHY would a quote
    or dash char need to be treated differently and excluded from a
    valid set?

    Likewise, why would even a simple word like function or return
    be a problem for a message block? When the system dedicates a
    400 char block for a message, why can't the system simply treat
    that content as a benign group of chars and ignore any
    "functionality" implied with http: https: or www, etc?

    Could there be hacking vectors that haven't been solved in the
    eTransfer system?

    --- OpenXP 5.0.50
    * Origin: Ogg's Dovenet Point (723:320/1.9)
    ■ Synchronet ■ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP