Sounds nice Rafael - one question though: Will the bbcode flaw be fixed (see http://www.jforum.net/posts/list/3971.page)?
Actually, the flaw has been well known for years - and used for SQL injections too. Currently the user only has to terminate the "bbcode" literal - like the src string with a " character... and can write JavaScript functions afterwards that will be bound and executed.
I think this fix should definitely be included in the 2.1.8 version - or bbcode should be disabled by default, with a warning about the security issues that might be involved, considering that with JavaScript you can sometimes do quite some bad stuff if the machine/browser is not fully updated/patched ...
[originally posted on jforum.net by Sid]
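
The attribute breakout described in the post above, shown next to a hardened renderer. This is an added example, not part of the original post and not JForum's own code. The `[img]` pattern, the class and the method names are hypothetical, and the input is the raw post text.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class BbcodeImgDemo {
    // Hypothetical [img] rule for illustration; not JForum's actual pattern.
    static final Pattern IMG =
        Pattern.compile("\\[img\\](.*?)\\[/img\\]", Pattern.CASE_INSENSITIVE);

    // harden=false pastes the capture into src verbatim (the flaw described above).
    // harden=true accepts only http(s) URLs and escapes attribute metacharacters.
    static String render(String post, boolean harden) {
        Matcher m = IMG.matcher(post);
        StringBuffer out = new StringBuffer();
        while (m.find()) {
            String url = m.group(1).trim();
            String html;
            if (!harden) {
                html = "<img src=\"" + url + "\" />";
            } else if (isHttpUrl(url)) {
                html = "<img src=\"" + escapeAttr(url) + "\" />";
            } else {
                html = escapeAttr(m.group(0)); // rejected tag stays inert text
            }
            m.appendReplacement(out, Matcher.quoteReplacement(html));
        }
        m.appendTail(out);
        return out.toString();
    }

    static boolean isHttpUrl(String s) {
        try {
            String scheme = new URI(s).getScheme();
            return "http".equalsIgnoreCase(scheme) || "https".equalsIgnoreCase(scheme);
        } catch (URISyntaxException e) {
            return false; // quotes, spaces and other illegal characters land here
        }
    }

    static String escapeAttr(String s) {
        return s.replace("&", "&amp;").replace("\"", "&quot;").replace("'", "&#39;")
                .replace("<", "&lt;").replace(">", "&gt;");
    }

    public static void main(String[] args) {
        // Constructed input: a quote ends src early and adds an event handler.
        String post = "[img]http://example.com/a.png\" onerror=\"alert(1)[/img]";
        System.out.println(render(post, false));
        System.out.println(render(post, true));
    }
}
```

The hardened path validates the URL before building the tag and escapes it when writing the attribute, so a capture containing a quote never reaches the `src` value unescaped.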