I am currently working on a Bulletin Board system for an acquaintance of mine. All was going well until I was asked to script it to allow HTML OR BBCode (for images and links only). Both of which have atleast some vulnerabilities. HTML more than BBCode.

At the moment, I am leaning toward BBCode as it "seems" to be the safer route. As, I have never coded for BBCode before, I did a google for more info. I came across this tutorial (http://www.iceteks.com/articles.php/javascript2/1) which gave me a good start.

Now, is this tutorial/method safe? If not, what should I be looking for? Don't be too specific. I learn best from doing it myself, but security is not something I am keen on as of yet.

Thoughts/Suggestions are welcomed.
Thak you,
IamStang