(no title)

The funniest part was that for one it work great for the signup part, but they used a third party tool for licences that broke because of my e-mail. For another, only the js code was verifying the e-mail, and I could push it by removing the validation. When the owner had to validate my account, they got a message that the e-mail was incorrect when they tried to submit the form. They called me and had a great discussion about web apps security. We had a good time.

I would point out that it kind of prevents you from checking if your email is in a leak database as you need to test each aliases you used.