Test Post, plz ignore
It isn't sandboxed, it's a markup language. It's output is supposed to be syntactically valid HTML, although I found an exploitable bug which in this case could enable a 3rd party website to automatically force you to follow another scratch user. First of all, your taking advantage of another language. Second of all, the BBcode is VERY sandboxed.
I'm currently deciding whether to report to ST or DjangoBB first.
Last edited by novice27b (Dec. 17, 2016 17:46:37)
i use arch btw