when you use [url] [/url] tags, the code between those tags is processed by the ReplaceURLs function. when a URL is posted that is not in between those tags, it is processed by edit_hrefs javascript function.
I found and commented out the filter on ";" in the ReplaceURLs function.
Since my Forums are computer support forums, I have many posts referring to support.microsoft.com which all have a ";" in the URL which I needed to work.
Is there a big security risk in removing the filter on ";" ? (Don't answer if this could be exploited)
We just filtered everything that could potentially cause a security risk. Whether it actually does, I'm not sure. Hackers are very resourceful individuals. They seem to be able to exploit things that otherwise wouldn't seem to be exploitable.