On 02 Feb 2010 we found out that BBCodes using {TEXT} inside the HTML tags were a serious security vulnerability.
Therefore I mass mailed all our members with a link to a post with more explanation.
That post is what you see below.
In the meantime a new token, {INTTEXT}, was introduced in 3.0.7; it is safe to use inside HTML tags where this is necessary.
We have also secured all BBCodes on this board, no longer using {TEXT} inside HTML tags.
So you do not have to worry about getting insecure code here. I am just reposting because it is important information and because this issue is not well communicated in other places.
Stoker wrote:
Hello,
I am very sorry to inform you that we may have been providing insecure code!
The problem is when {TEXT} is used in the HTML tags.
Just like this:
<div style="{TEXT1}">{TEXT2}</div>
Instead of using {TEXT} we should use {SIMPLETEXT} or {IDENTIFIER}.
Then it would be safe.
Please check all your bbcodes.
Sorry for the inconvenience.
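
One way to run the check the post asks for, as an added example that is not part of the original post or of phpBB: a small Python scanner that reports every {TEXT} token placed inside an HTML tag of a BBCode's HTML replacement. The function names and the sample replacements are constructed for illustration, and it assumes you paste in your own BBCode replacements as strings.

```python
import re

# {TEXT} or numbered {TEXT1}; does not match {SIMPLETEXT} or {INTTEXT}.
TEXT_TOKEN = re.compile(r"\{TEXT\d*\}")


def tag_spans(template):
    """Yield each HTML tag ('<' ... unquoted '>') found in the template."""
    i, n = 0, len(template)
    while i < n:
        if template[i] == "<" and i + 1 < n and (template[i + 1].isalpha() or template[i + 1] == "/"):
            quote, j = None, i + 1
            while j < n:
                ch = template[j]
                if quote:                 # inside an attribute value
                    if ch == quote:
                        quote = None
                elif ch in "\"'":
                    quote = ch
                elif ch == ">":           # unquoted '>' closes the tag
                    break
                j += 1
            yield template[i:j + 1]
            i = j + 1
        else:
            i += 1


def unsafe_text_tokens(template):
    """Return the {TEXT} tokens that sit inside an HTML tag of the template."""
    found = []
    for tag in tag_spans(template):
        found.extend(TEXT_TOKEN.findall(tag))
    return found


# Constructed sample replacements; the first is the pattern from the post.
SAMPLES = {
    "box": '<div style="{TEXT1}">{TEXT2}</div>',
    "safe-box": '<div class="{IDENTIFIER}">{TEXT}</div>',
    "tip": '<span title="a > b {TEXT}">{SIMPLETEXT}</span>',
}

if __name__ == "__main__":
    for name, tpl in SAMPLES.items():
        hits = unsafe_text_tokens(tpl)
        print(f"{name}: {'CHECK ' + ', '.join(hits) if hits else 'ok'}")
```

A {TEXT} token between tags, such as {TEXT2} in the first sample, is not reported; only tokens inside the tag itself are.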