jabyrd3 / typeto.me2

Successor to typeto.me

XSS is possible #30

Closed fishnibble closed 6 months ago

fishnibble commented 6 months ago

There seems to be no filtering for XSS. I was able to get a simple broken img tag to do an alert. This triggered for me and the other person in the chat.

<img src='#' onerror=alert(1) />

dmd commented 6 months ago

@jabyrd3 I think it would be reasonable to address this and #23 by encoding < and > - that is, not supporting hyperlinking or any other html features in the chat. My vt320 didn't let me click on links and I don't see a strong need for it; people can copy and paste if they need to.

dmd commented 6 months ago

Rather than encoding I'm just pulling out the linkify support and using innerText rather than innerHTML.
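The two mitigations discussed in this thread, written out as an added example (this is not code from the typeto.me2 repository). `escapeHtml` is the "encode < and >" option; `renderMessage` is the option dmd chose, assigning the message to `textContent`/`innerText` so the browser never parses it as markup. The `fakeElement` stand-in is an assumption so the code runs under Node without a DOM; in the browser the same function takes a real element.

```javascript
// Added example, not from the typeto.me2 project. Two ways to stop chat
// text from being interpreted as HTML, runnable under Node.

// Option 1 (encoding): replace the characters HTML treats specially so the
// message renders as literal text even if it is assigned to innerHTML.
// < and > alone stop tags; & and quotes are added so the output is also
// safe inside attribute values. One regex pass avoids double-encoding.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Option 2 (what the thread settled on): write the message with textContent
// instead of innerHTML. The string is stored as a text node and is never
// parsed, so no escaping step is needed and links simply show as plain text.
function renderMessage(element, text) {
  element.textContent = String(text); // never element.innerHTML = text
  return element;
}

// Minimal stand-in for a DOM element (assumption, for running outside a
// browser); real callers pass the chat line's actual node.
function fakeElement() {
  return { innerHTML: '', textContent: '' };
}

// Sample input: the payload from the report above.
const REPORTED_PAYLOAD = "<img src='#' onerror=alert(1) />";

// Quick check a reviewer can run: after either mitigation no raw < or >
// reaches the HTML parser.
function demo() {
  const escaped = escapeHtml(REPORTED_PAYLOAD);
  const node = renderMessage(fakeElement(), REPORTED_PAYLOAD);
  return {
    escaped,                        // '&lt;img src=&#39;#&#39; onerror=alert(1) /&gt;'
    escapedHasNoTags: !/[<>]/.test(escaped),
    textContent: node.textContent,  // the original string, stored as text
    innerHTMLUntouched: node.innerHTML === '',
  };
}

console.log(demo());
```

Either approach on its own closes the reported case; using `textContent` is the simpler one to keep correct over time because there is no escaping step that a later change could forget to call.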