from: axxxxxxx7@gmail.com
reply-to: axxxxxxx7@gmail.com
to: cj@thiscrazytrain.com
date: Wed, Apr 8, 2015 at 3:43 PM
subject: Presto email
I was on Presto's site to email them about something. They have one of those boxes for you to type your email into and submit. Did you know you can't use the following characters?
| & ; $ % ' \ " <> () + ,
So you can't even use dollar signs, apostrophes or commas.
My email wouldn't go through until I removed all of those.
I've never seen such a thing on an email form.
8 comments:
Fact. Presto doesn't want you to email them MUWAH HA HA HA HA HA
I find sending an email to robert.hollis@prestocard.ca (Executive VP, PRESTO) with cc to CJ a more effective means of communicating with PRESTO.
Email addresses can't contain those symbols...
He meant the comment area. I tried it myself.
We use feedback forms at work and people can use a dollar sign as well as slashes in their text if needed. The form doesn't fail on submit.
So if you want to write "I put $100 on my card", the form won't accept that.
So I took a look at the source code. The page was generated using MS SharePoint and uses JavaScript to "authenticate" the form and .asp (Microsoft supported coding language).
I don't personally understand why the big puzzle piece to make this work but there are other methods to use where special characters would be accepted.
The comment form doesn't link to a back-end function so it shouldn't require authentication. Looks like a design error to me.
Whoops, my mistake!
~~~~~
It sounds like a very lazy way to sanitise your data inputs (in effect, preventing you from using the comment form to make code run on the server).
It's also bad security, because you could send unsanitised submissions to the server without using the comment form, thus bypassing the form's security measure.
That said, there are very easy ways to ensure this isn't a security problem, and allow people to use whatever symbols they want, ɗɑɱɳȉʈ
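To illustrate the comment above, here is an added example (not part of the original post or comments, and not PRESTO's code) of a server that accepts every printable character, validates on its own side, and encodes the text only when writing it into HTML. The function names and the 2000-character limit are assumptions made for the illustration.

```javascript
// Added example: all names and limits here are hypothetical.
// The characters the email reports the form rejecting.
const BLOCKED = /[|&;$%'\\"<>()+,]/;

// A browser-side check like the one described. It is only a usability hint:
// the server cannot tell whether it ever ran.
function clientSideCheck(text) {
  return !BLOCKED.test(text);
}

const MAX_LEN = 2000; // assumed limit for a feedback comment

// Server-side validation: check type, length and control characters,
// but do not ban ordinary punctuation.
function validateComment(text) {
  if (typeof text !== "string") return { ok: false, reason: "not a string" };
  const trimmed = text.trim();
  if (trimmed.length === 0) return { ok: false, reason: "empty" };
  if (trimmed.length > MAX_LEN) return { ok: false, reason: "too long" };
  if (/[\u0000-\u0008\u000B\u000C\u000E-\u001F\u007F]/.test(trimmed)) {
    return { ok: false, reason: "control characters" };
  }
  return { ok: true, value: trimmed };
}

// Encode at output time for the HTML context, so the stored text stays
// exactly what the person typed.
const HTML_ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(text) {
  return text.replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

function renderComment(text) {
  const result = validateComment(text);
  if (!result.ok) throw new Error("rejected: " + result.reason);
  return "<p>" + escapeHtml(result.value) + "</p>";
}

// Constructed sample inputs.
const samples = ["I put $100 on my card", 'Why can\'t I type <, > or "quotes"?'];
for (const s of samples) {
  console.log("blacklist passes:", clientSideCheck(s), "| rendered:", renderComment(s));
}
```

The same principle applies to any other place the text ends up: a database write would use a parameterized query rather than a character ban.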
This issue happened to me about a year ago. When I followed up, Presto told me they were developing a "work around". I guess this has not happened. Shrug