An eTransfer typically allows for entering a short message of ãup to 400 chars. For a recent eTransfer, I found it important ãto enter something to reference the billing statement that I am ãpaying for. My typical message was something like this:ãã This payment is for the "60-90 days" portion of theã statement dated 11/15/21.ããBut that triggered an error message:ãã"There appears to be an error! All errors must be correctedãbefore continuing."ãã Please enter a valid message. It must not exceed 400ã characters and contain only letters, numbers, and theã characters . ! @ / ; : , ' = $ ^ ? * ( ). It must notã contain the words http:, https:, www., javascript,ã function, return.ããIn this case it seemed that the quote char and the dash was not ãon the allowed list. Now, I'm just wondering WHY would a quote ãor dash char need to be treated differently and excluded from a ãvalid set?ããLikewise, why would even a simple word like function or return ãbe a problem for a message block? When the system dedicates a ã400 char block for a message, why can't the system simply treat ãthat content as a benign group of chars and ignore any ã"functionality" implied with http: https: or www, etc?ããCould there be hacking vectors that haven't been solved in the ãeTransfer system?ãã--- OpenXP 5.0.50ã * Origin: Ogg's Dovenet Point (723:320/1.9)ã þ Synchronet þ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTPã