no, it's a filter, a field in a REQ envelope

events are stringently sanitised and rejected already, this is new, filters with bech32 encoding

i have to go through the entire index search generation function and put sanitizers in

it's not unexpected, just this is literally the first time i see it right now after running this on and off in tests