Email address sanitisation mangles valid email addresses

[westi]

If you change your email address to one including an ampersand then we mangle the address with html entities.

For example:

• This - peter&paul@…
• Becomes - peter&paul@…

This is due to the call to wp_filter_kses on pre_user_email' in default-filters.php.

The was added in [5906] for #4546.

I'm not sure if we need kses filtering for emails - if we do which should probably revert this conversion of the & => & afterwards.

While we're in there, there are some other rules that might need to be considered:

• Uppercase and lowercase English letters (a–z, A–Z) (ASCII: 65–90, 97–122)
• Digits 0 to 9 (ASCII: 48–57)
• Characters !#$%&'*+-/=?^_`{|}~ (ASCII: 33, 35–39, 42, 43, 45, 47, 61, 63, 94–96, 123–126)
• Character . (dot, period, full stop) (ASCII: 46) provided that it is not the first or last character, and provided also that it does not appear two or more times consecutively (e.g. John..Doe@… is not allowed.).
• Special characters are allowed with restrictions. They are:
  • Space and "(),:;<>@[\] (ASCII: 32, 34, 40, 41, 44, 58, 59, 60, 62, 64, 91–93)
  • The restrictions for special characters are that they must only be used when contained between quotation marks, and that 2 of them (the backslash \ and quotation mark " (ASCII: 32, 92, 34)) must also be preceded by a backslash \ (e.g. "
    \"").
• Comments are allowed with parentheses at either end of the local part; e.g. "john.smith(comment)@example.com" and "(comment)john.smith@…" are both equivalent to "john.smith@…".
• International characters above U+007F are permitted by RFC 6531, though mail systems may restrict which characters to use when assigning local parts.

From ​http://en.wikipedia.org/wiki/Email_address which summarizes ​http://tools.ietf.org/html/rfc3696#section-3

Related: #16788

What about instead of applying wp_filter_kses, we pass the new address through PHP's ​FILTER_SANITIZE_EMAIL? That would strip out all characters except letters, digits and !#$%&'*+-/=?^_`{|}~@.[]