Read this thread
filburt1
08-27-2003, 08:17 PM
Usually "Don't read this thread" doesn't work, so...
Ignore:
test
test
test
lasto
08-27-2003, 09:26 PM
/me is dopey cause he just had to read it!
filburt1
08-28-2003, 02:52 AM
BTW, my test didn't work, so you should all be happy; otherwise I just found the biggest XSS flaw in vB ever. Actually I did find one that exists in custom-written vB codes (ones created in the admin CP) but I won't go into details.
filburt1
08-29-2003, 12:57 AM
test
assassingod
08-29-2003, 06:10 AM
Looks like it's been fixed in the SQL tag as well
filburt1
08-29-2003, 10:18 AM
I've been looking at the bbcodeparse function and its child functions. There are no XSS problems, it seems, but there can be for custom vB codes (and I have yet to receive a reply): http://www.vbulletin.com/forum/showthread.php?t=81176
assassingod
08-29-2003, 12:00 PM
Looks like quite a big bug then?
filburt1
08-29-2003, 12:52 PM
Yes, provided your custom tags work like that. It seems, though, whenever I post a bug or potential bug, I always have to bump it to at least get a reply for details, confirmation, etc...
assassingod
08-29-2003, 01:02 PM
Too bad vB.com don't have a bug tracker for vB2, but seeing as there may not be any more releases of vB2.x, it would be rather pointless
filburt1
08-29-2003, 02:53 PM
I bet the problem still exists in vB3. Fancy making a test? I'm busy working on the craziest script ever for WDF (string parsing in a loop about 300,000 times).
assassingod
08-29-2003, 03:01 PM
Sure. Wow, that's a big script.
Edit: Reported, but it was deleted. Won't go into it here.