An eTransfer typically allows for entering a short message of
up to 400 chars. For a recent eTransfer, I found it important
to enter something to reference the billing statement that I am
paying for. My typical message was something like this:
This payment is for the "60-90 days" portion of the
statement dated 11/15/21.
But that triggered an error message:
"There appears to be an error! All errors must be corrected
before continuing."
Please enter a valid message. It must not exceed 400
characters and contain only letters, numbers, and the
characters . ! @ / ; : , ' = $ ^ ? * ( ). It must not
contain the words http:, https:, www., javascript,
function, return.
In this case it seemed that the quote char and the dash was not
on the allowed list. Now, I'm just wondering WHY would a quote
or dash char need to be treated differently and excluded from a
valid set?
Likewise, why would even a simple word like function or return
be a problem for a message block? When the system dedicates a
400 char block for a message, why can't the system simply treat
that content as a benign group of chars and ignore any
"functionality" implied with http: https: or www, etc?
Could there be hacking vectors that haven't been solved in the
eTransfer system?
Sysop: | digital man |
---|---|
Location: | Riverside County, California |
Users: | 1,063 |
Nodes: | 17 (0 / 17) |
Uptime: | 06:24:58 |
Calls: | 501,123 |
Calls today: | 16 |
Files: | 109,393 |
D/L today: |
2,558 files (325M bytes) |
Messages: | 300,533 |
Posted today: | 1 |