XSS : [url] [/url] accepts "javascript:" URIs #34

@LiEnby

if arbitrary bbcode can be encoded, then this allows for executing scripts in the context of the site rendering the bbcode;

example:

[url=javascript:alert(1);] click me !! [/url]

when converted to html will result in a .. which if a user clicks on will execute arbitrary javascript code
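
One way a BBCode renderer can refuse the target reported above, as an added example that is not part of the original issue or the project's own code: the `[url=...]` value is parsed with the WHATWG `URL` parser and only an allowlist of schemes is turned into a link. The names `safeHref`, `renderUrlTags` and `ALLOWED_SCHEMES`, the choice of allowed schemes, and the decision to reject relative targets are assumptions of this sketch.

```javascript
// Added example (hypothetical helper names; not the project's code).
// Assumption: only absolute http, https and mailto targets become links.
const ALLOWED_SCHEMES = new Set(["http:", "https:", "mailto:"]);

const HTML_ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Escape text for use in HTML element content or a double-quoted attribute.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (c) => HTML_ENTITIES[c]);
}

// Return a normalized absolute URL if its scheme is allowlisted, else null.
// Parsing with the same URL algorithm browsers use means the scheme is
// compared after normalization (letter case, surrounding whitespace),
// instead of matching the raw string against a denylist.
function safeHref(raw) {
  let url;
  try {
    url = new URL(String(raw));
  } catch {
    return null; // malformed or relative target: rejected in this sketch
  }
  return ALLOWED_SCHEMES.has(url.protocol) ? url.href : null;
}

// Render [url=target]label[/url] tags. Everything else, including tags
// whose target is rejected, is emitted as escaped, inert text.
function renderUrlTags(bbcode) {
  const tag = /\[url=([^\]]*)\]([\s\S]*?)\[\/url\]/gi;
  let out = "";
  let last = 0;
  let m;
  while ((m = tag.exec(bbcode)) !== null) {
    out += escapeHtml(bbcode.slice(last, m.index));
    const href = safeHref(m[1]);
    out += href === null
      ? escapeHtml(m[0])
      : `<a href="${escapeHtml(href)}" rel="nofollow noopener">${escapeHtml(m[2])}</a>`;
    last = tag.lastIndex;
  }
  return out + escapeHtml(bbcode.slice(last));
}

// Constructed sample input: the tag from the report is left as plain text.
console.log(renderUrlTags("[url=javascript:alert(1);] click me !! [/url]"));
console.log(renderUrlTags("see [url=https://example.com/a?b=1&c=2]docs[/url]"));
```

A renderer that also supports the bare `[url]target[/url]` form needs the same check applied to the tag body before it is used as an `href`.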
