Quote Originally Posted by The General View Post
Ofcourse you're not allowed to do HTML. People would just create a thread and add this to it:

<meta http-equiv="refresh" content="0; URL=http://site.com">
and boom! Haxxored!
There could be some options to change on BBCode tho. Instead of [ use of <, and h1, h2, h3,... tags... And/or font aswell.
Don't exactly need to be direct to html, but atleast a proxy to BBCode.