diff --git a/phpBB/phpbb/textformatter/s9e/factory.php b/phpBB/phpbb/textformatter/s9e/factory.php
index a5b3527822..9327da4b4f 100644
--- a/phpBB/phpbb/textformatter/s9e/factory.php
+++ b/phpBB/phpbb/textformatter/s9e/factory.php
@@ -15,6 +15,7 @@ namespace phpbb\textformatter\s9e;
use s9e\TextFormatter\Configurator;
use s9e\TextFormatter\Configurator\Items\AttributeFilters\Regexp as RegexpFilter;
+use s9e\TextFormatter\Configurator\Items\UnsafeTemplate;
/**
* Creates s9e\TextFormatter objects
@@ -236,7 +237,7 @@ class factory implements \phpbb\textformatter\cache
try
{
- $configurator->BBCodes->addCustom($row['bbcode_match'], $tpl);
+ $configurator->BBCodes->addCustom($row['bbcode_match'], new UnsafeTemplate($tpl));
}
catch (\Exception $e)
{
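Review bot: The `new UnsafeTemplate($tpl)` wrapper on the new line turns off s9e's template safety checks for every administrator-defined BBCode, so the trust decision about `bbcode_tpl` now lives wherever the BBCode is saved rather than in this factory, and nothing in the hunk records that. A comment above the call should state it, e.g. `// Custom BBCodes are defined by administrators in the ACP and trusted as-is; UnsafeTemplate skips s9e's template safety checks, so bbcode_tpl is not validated here`. The surrounding `catch (\Exception $e)` was the path that silently dropped unsafe templates (the removed test comment in tests/text_formatter/s9e/factory_test.php says as much); it now only covers other configuration errors, and any comment on that block should be revised to match. The enclosing method starts and ends outside the hunk.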
diff --git a/tests/text_formatter/s9e/factory_test.php b/tests/text_formatter/s9e/factory_test.php
index a1378514b4..8df841605d 100644
--- a/tests/text_formatter/s9e/factory_test.php
+++ b/tests/text_formatter/s9e/factory_test.php
@@ -78,9 +78,6 @@ class phpbb_textformatter_s9e_factory_test extends phpbb_database_test_case
// This custom BBCode should be set
$this->assertTrue(isset($configurator->BBCodes['CUSTOM']));
- // This unsafe custom BBCode will trigger an exception and should be ignored
- $this->assertFalse(isset($configurator->BBCodes['UNSAFE']));
-
$this->assertTrue(isset($configurator->Emoticons[':D']));
}
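Review bot: The removed `assertFalse(isset($configurator->BBCodes['UNSAFE']))` is dropped rather than inverted, so this test no longer pins whether the UNSAFE fixture BBCode is now registered or still silently skipped. If the fixture behind this test still defines it, the removed lines are better replaced with `// Unsafe custom BBCodes are now accepted instead of being ignored` and `$this->assertTrue(isset($configurator->BBCodes['UNSAFE']));`. The enclosing test method starts outside the hunk.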
@@ -176,4 +173,19 @@ class phpbb_textformatter_s9e_factory_test extends phpbb_database_test_case
$expected = $original;
$this->assertSame($expected, $renderer->render($parser->parse($original)));
}
+
+ /**
+ * @testdox Accepts unsafe custom BBCodes
+ */
+ public function test_unsafe_bbcode()
+ {
+ $fixture = __DIR__ . '/fixtures/unsafe_bbcode.xml';
+ $container = $this->get_test_case_helpers()->set_s9e_services(null, $fixture);
+ $parser = $container->get('text_formatter.parser');
+ $renderer = $container->get('text_formatter.renderer');
+
+ $original = '[xss=javascript:alert(1)]text[/xss]';
+ $expected = 'text';
+ $this->assertSame($expected, $renderer->render($parser->parse($original)));
+ }
}
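Review bot: test_unsafe_bbcode leaves the reader to work out why `'text'` is the right expectation: it only proves acceptance because a rejected BBCode would have rendered `[xss=...]text[/xss]` literally, and because the fixture's template emits only `{TEXT2}`. A comment above `$expected` should say so, e.g. `// A rejected BBCode would render its markup verbatim; the fixture template outputs only {TEXT2}, so the attribute value must not appear`. The fixture template itself is not readable in this patch view, so that second claim should be checked against tests/text_formatter/s9e/fixtures/unsafe_bbcode.xml.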
diff --git a/tests/text_formatter/s9e/fixtures/unsafe_bbcode.xml b/tests/text_formatter/s9e/fixtures/unsafe_bbcode.xml
new file mode 100644
index 0000000000..55a2e689b6
--- /dev/null
+++ b/tests/text_formatter/s9e/fixtures/unsafe_bbcode.xml
@@ -0,0 +1,28 @@
+
+
+
+ bbcode_id
+ bbcode_tag
+ bbcode_helpline
+ display_on_posting
+ bbcode_match
+ bbcode_tpl
+ first_pass_match
+ first_pass_replace
+ second_pass_match
+ second_pass_replace
+
+
+ 13
+ xss=
+
+ 1
+ [xss={TEXT1}]{TEXT2}[/xss]
+ {TEXT2}]]>
+
+
+
+ ${2}]]>
+
+
+