If you are interested go to this link http://jacekk.co.uk/bbcode_test/
The the test button will log what you enter and the processed result to mysql so I can look later, it will also show you the result
Valid tags are
[syntax=text][b]test[/b] for bold
[u]test[/u] for underline
[i]test[/i] for italic
[s]test[/s] for line-through
[img]url[/img] for an image
[url]url[/url] for a link[/syntax]
The url tag is a little different to most common ones at the moment as you can also do
[syntax=text][url url="url" title="hover text"]thing to show[/url][/syntax]
either attribute should be optional, if url is left out the thing inside the tag is used. because of the way it detects the thing inside the tag you can also do
[syntax=text][url][img]url[/img][/url][/syntax]
to link to the same image that is displayed. And because the forum will resize large images by default, this is a nice way to easily do click to enlarge
The parser should also try to sort out any tags in the wrong order, so if you do
[syntax=text][b]test[/syntax]
it will do bold text as it auto-closes tags left open,
Also if you do
[syntax=text][b]test[/i][/syntax]
the [/i] will be replaced with a [/b]
The overall aim is to keep the html valid, so if you invalidate it somehow, you win
So a summery of what you should do:
- Go to http://jacekk.co.uk/bbcode_test/
- Try to break it by:
- Looking for XSS exploits
- Trying to invalidate the html by entering mangled bbcode
Thanks in advance, it would be a great help if you could have a go
If you find anything interesting, post your test # here so I can look in the DB
