diff --git a/ext/bbcode/main.php b/ext/bbcode/main.php
index 4e535b8d..50ad3838 100644
--- a/ext/bbcode/main.php
+++ b/ext/bbcode/main.php
@@ -14,12 +14,12 @@ class BBCode implements Extension {
 		$text = preg_replace("/\[u\](.*?)\[\/u\]/s", "<u>\\1</u>", $text);
 		$text = preg_replace("/\[s\](.*?)\[\/s\]/s", "<s>\\1</s>", $text);
 		$text = preg_replace("/\[code\](.*?)\[\/code\]/s", "<pre>\\1</pre>", $text);
-		$text = preg_replace("/&gt;&gt;(\d+)/s", "<a href='".make_link("post/view/\\1")."'>&gt;&gt;\\1</a>", $text);
+		$text = preg_replace("/&gt;&gt;(\d+)/s", "<a href=\"".make_link("post/view/\\1")."\">&gt;&gt;\\1</a>", $text);
 		$text = preg_replace("/&gt;&gt;([^\d].+)/", "<blockquote><small>\\1</small></blockquote>", $text);
-		$text = preg_replace("/\[url=((?:https?|ftp|irc|mailto):\/\/.*?)\](.*?)\[\/url\]/s", "<a href='\\1'>\\2</a>", $text);
-		$text = preg_replace("/\[url\]((?:https?|ftp|irc|mailto):\/\/.*?)\[\/url\]/s", "<a href='\\1'>\\1</a>", $text);
-		$text = preg_replace("/\[\[([^\|\]]+)\|([^\]]+)\]\]/s", "<a href='".make_link("wiki/\\1")."'>\\2</a>", $text);
-		$text = preg_replace("/\[\[([^\]]+)\]\]/s", "<a href='".make_link("wiki/\\1")."'>\\1</a>", $text);
+		$text = preg_replace("/\[url=((?:https?|ftp|irc|mailto):\/\/.*?)\](.*?)\[\/url\]/s", "<a href=\"\\1\">\\2</a>", $text);
+		$text = preg_replace("/\[url\]((?:https?|ftp|irc|mailto):\/\/.*?)\[\/url\]/s", "<a href=\"\\1\">\\1</a>", $text);
+		$text = preg_replace("/\[\[([^\|\]]+)\|([^\]]+)\]\]/s", "<a href=\"".make_link("wiki/\\1")."\">\\2</a>", $text);
+		$text = preg_replace("/\[\[([^\]]+)\]\]/s", "<a href=\"".make_link("wiki/\\1")."\">\\1</a>", $text);
 		$text = str_replace("\n", "\n<br>", $text);
 		$text = preg_replace("/\[quote\](.*?)\[\/quote\]/s", "<blockquote><small>\\1</small></blockquote>", $text);
 		$text = preg_replace("/\[quote=(.*?)\](.*?)\[\/quote\]/s", "<small><small>Quoting \\1</small></small><blockquote><small>\\2</small></blockquote>", $text);
diff --git a/ext/bbcode/test.php b/ext/bbcode/test.php
new file mode 100644
index 00000000..18348440
--- /dev/null
+++ b/ext/bbcode/test.php
@@ -0,0 +1,35 @@
+<?php
+class BBCodeUnitTest extends UnitTestCase {
+	public function testBasics() {
+		$this->template("[b]bold[/b][i]italic[/i]", "<b>bold</b><i>italic</i>");
+	}
+
+	public function testStacking() {
+		$this->template("[b]B[/b][i]I[/i][b]B[/b]", "<b>B</b><i>I</i><b>B</b>");
+		$this->template("[b]bold[i]bolditalic[/i]bold[/b]", "<b>bold<i>bolditalic</i>bold</b>");
+	}
+
+	public function testFailure() {
+		$this->template("[b]bold[i]italic", "[b]bold[i]italic");
+	}
+
+	public function testURL() {
+		$this->template(
+			"[url]http://shishnet.org[/url]",
+			"<a href=\"http://shishnet.org\">http://shishnet.org</a>");
+		$this->template(
+			"[url=http://shishnet.org]ShishNet[/url]",
+			"<a href=\"http://shishnet.org\">ShishNet</a>");
+		$this->template(
+			"[url=javascript:alert(\"owned\")]click to fail[/url]",
+			"[url=javascript:alert(&quot;owned&quot;)]click to fail[/url]");
+	}
+
+	private function template($in, $out) {
+		$bb = new BBCode();
+		$tfe = new TextFormattingEvent($in);
+		$bb->receive_event($tfe);
+		$this->assertEqual($tfe->formatted, $out);
+	}
+}
+?>