novice27b

Just testing some potential BBCode security issues, hopefully where nobody will see…

novice27b

More test



card100

First of all, you're taking advantage of another language. Second of all, the BBCode is VERY sandboxed.

novice27b

card100 wrote:

First of all, you're taking advantage of another language. Second of all, the BBCode is VERY sandboxed.

It isn't sandboxed, it's a markup language. Its output is supposed to be syntactically valid HTML, although I found an exploitable bug which in this case could enable a 3rd-party website to automatically force you to follow another Scratch user.

I'm currently deciding whether to report to ST or DjangoBB first.