Email validation is weird and bad: Lessons in XSS
December 13, 2020
tl;dr The payload linked here doesn’t bypass HTML5 email validation and quite possibly other algorithms as well. It was probably designed to bypass PHP’s
filter_var() function specifically and it would be good to mark it as such.