nitter
Romain Gaucher
@rgaucher
14 Oct 2010
e.g., r@f.["<script>alert(/1/)</script>"] is valid for RFC822
2
Bil Corry
@bilcorry
15 Oct 2010
Replying to
@rgaucher
@rgaucher
FWIW, using the validation regex recommended here http://is.gd/g2M3x rejects the XSS email address. Should still encode though.
Oct 15, 2010 · 6:15 AM UTC