It sort of is, but it's also a drastic oversimplification.
Let me go back to YaBBSE / SMF 1.0 for a moment. parse_bbc was a very different beast then, and it was based on regular expressions, which under some conditions could be an order of magnitude faster than the current incarnation.
At the same time, it's also possible to brutally hurt the server with specifically crafted posts that force the regular expression to be parsed the slowest possible way, which under the right conditions would be easily an order of magnitude slower than the current parse_bbc processing.
That's why Unknown gutted it and rewrote it for 1.1. (Maybe it was for 1.0 replacing YaBBSE's. I can't remember, but certainly at some point prior to 1.1 final it was moved from regexp based to the current incarnation.)
parse_bbc now is slow. But you can't tie it in knots and generate pathological-case processing; it won't run into log time most of the time, and even with the worst case it won't typically be worse than linear time.
So, with that in mind, consider then that you can throw anything at parse_bbc and it should work as intended.
Doing something with it structurally is something I've been pondering for a while, and I keep coming back to this sticking point of its style of regurgitation - it doesn't ever take the content and filter crap out, it starts from sanitised content and specifically enables it. There's no good way I can see of approaching that without compromising security somewhere, and so it becomes a judgement call as to how far is 'far enough'.
Let me go back to YaBBSE / SMF 1.0 for a moment. parse_bbc was a very different beast then, and it was based on regular expressions, which under some conditions could be an order of magnitude faster than the current incarnation.
At the same time, it's also possible to brutally hurt the server with specifically crafted posts that force the regular expression to be parsed the slowest possible way, which under the right conditions would be easily an order of magnitude slower than the current parse_bbc processing.
That's why Unknown gutted it and rewrote it for 1.1. (Maybe it was for 1.0 replacing YaBBSE's. I can't remember, but certainly at some point prior to 1.1 final it was moved from regexp based to the current incarnation.)
parse_bbc now is slow. But you can't tie it in knots and generate pathological-case processing; it won't run into log time most of the time, and even with the worst case it won't typically be worse than linear time.
So, with that in mind, consider then that you can throw anything at parse_bbc and it should work as intended.
Doing something with it structurally is something I've been pondering for a while, and I keep coming back to this sticking point of its style of regurgitation - it doesn't ever take the content and filter crap out, it starts from sanitised content and specifically enables it. There's no good way I can see of approaching that without compromising security somewhere, and so it becomes a judgement call as to how far is 'far enough'.