
XSS: [url] [/url] accepts "javascript:" URIs

Open LiEnby opened this issue 2 months ago • 0 comments

if arbitrary bbcode can be encoded, then this allows for executing scripts in the context of the site rendering the bbcode;

example:

[url=javascript:alert(1);] click me !! [/url]

when converted to html will result in a .. which if a user clicks on will execute arbitrary javascript code

LiEnby, Oct 27 '25 05:10
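One way a bbcode renderer can close the hole reported above, as an added example that is not the project's own code: the `[url=...]` target is checked against a scheme allowlist before it is written into an `href`, and every emitted string is HTML-escaped. The function names and the allowed schemes (`http`, `https`, `mailto`) are assumptions for illustration.

```javascript
// Added example: hypothetical helper names, not from the project in this issue.
const ALLOWED_SCHEMES = new Set(["http", "https", "mailto"]); // assumed policy

const ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => ENTITIES[c]);
}

// Returns a normalised link target, or null when it must not become an href.
function safeHref(raw) {
  // Browsers ignore leading/trailing control characters and spaces and drop
  // tab/CR/LF inside a URL, so normalise the same way before checking.
  const url = raw
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, "")
    .replace(/[\t\r\n]/g, "");
  const scheme = /^([a-z][a-z0-9+.-]*):/i.exec(url);
  if (scheme) return ALLOWED_SCHEMES.has(scheme[1].toLowerCase()) ? url : null;
  // No scheme: accept only same-site paths ("/x", not "//host") and fragments.
  if (/^\/(?![\/\\])/.test(url) || url.startsWith("#")) return url;
  return null;
}

// Converts [url=...]...[/url]; everything else is emitted as escaped text.
function renderUrlTags(bbcode) {
  const tag = /\[url=([^\]]*)\]([\s\S]*?)\[\/url\]/gi;
  let out = "";
  let last = 0;
  let m;
  while ((m = tag.exec(bbcode)) !== null) {
    out += escapeHtml(bbcode.slice(last, m.index));
    const href = safeHref(m[1]);
    const label = escapeHtml(m[2]);
    out += href === null
      ? label // rejected target: keep the label, drop the link
      : `<a href="${escapeHtml(href)}" rel="nofollow noopener">${label}</a>`;
    last = tag.lastIndex;
  }
  return out + escapeHtml(bbcode.slice(last));
}

// The example from the issue renders as plain text instead of a link.
console.log(renderUrlTags("[url=javascript:alert(1);] click me !! [/url]"));
```

An allowlist is used rather than a check for the string `javascript:` so that any scheme not explicitly permitted is rejected, whatever its spelling.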