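<?php
// Payload to bypass simple email validation in PHP.
//
// The quoted local part of the address below carries HTML markup, and
// FILTER_VALIDATE_EMAIL still accepts it. Passing this filter therefore says
// nothing about whether the value is safe to place into a page.
$email = '"><svg/onload=confirm(1)>"@x.y';

// filter_var() returns the filtered value on success and false on failure;
// the strict comparison turns that into a boolean.
var_dump(filter_var($email, FILTER_VALIDATE_EMAIL) !== false); // true

// To be fair, this is a valid email address as per the RFC (one can try it here:
// http://sphinx.mythic-beasts.com/~pdw/cgi-bin/emailvalidate).
//
// Defensive takeaway: validation is a syntax check, not sanitisation. Treat a
// validated address as untrusted text and encode it for the context where it
// is written out, e.g. for HTML:
//     htmlspecialchars($email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
// Other sinks (SQL, mail headers, JavaScript, URLs) each need their own
// parameterisation or encoding.
//
// Source: https://twitter.com/brutelogic/status/1066333383276593152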