[annnoo]

I did something similar for a university project to show why input/output sanitization is so important. Very simple project (~100 lines iirc) but it did the job!

https://github.com/annnoo/websocket-chatxss

In my oppinion the most fun thing you can inject is the "Katamari"-Script: http://kathack.com/