Not a bug BB Code css


Well-known member
If you make a simple BB Code like so:

<span style="background-color: {option}; padding: 0 2px">{text}</span>

Usage: [bg=red]This is some text with a red background[/bg]

You can make a text in a in another background color that you define with the {option}.

But you can also use the following code:

[bg=red;border-style: solid;]This is some text with a red background and a solid border.[/bg]

Now you get the background color with the text but it now has a border because of the extra ;border-style: solid; but this was not included in the replacement html. This is unwanted you do not want people to make up their own css in the BB Code if the second option is not being called it should be ignored.

As example you can replace the border for background image.
[bg=red;background-image: url("paper.gif");]This is some text with a red background and a solid border.[/bg]

This is unwanted behaviour.

Liam W

in memoriam 1998-2020
Doesn't the bbcode option have a verification regex field when creating the bbcode? This should be used for these instances.


Chris D

XenForo developer
Staff member
As Liam says, you will need to validate the option value accordingly. You will also need to be careful of escaping to avoid the scope for things like XSS vulnerabilities (which would allow users to arbitrarily inject JS code into the page).