View Single Post
  #5  
Old 06 Jan 2014, 19:35
T2x T2x is offline
 
Join Date: May 2006
The mod apparently looks for ranker embed codes when posts are made and pulls out a few variables then generates a bb code tag which vbulletin automatically sanitizes.

When parsing the post for bbcode, if the user has image posting permissions it will generate this code


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

I can also see they are preventing xss injection in the href attribute by validating that the url conforms to this regex:
Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

Reply With Quote