I am setting up a semi-public input environment - easiest to think in terms of a forum - and wonder about the security risks allowing users to add href links.
I see this forum allows that.
I figure even if BBCode is the interface the posting is still a live URL.
XSS - js injection (I'm trying to sound intelligent here :rolleyes:)
Perhaps totally a non-issue?
I will be interested to have you thoughts