by bpfh 5292 days ago
Seems fairly usable atm. A few observations: there is an XSS vulnerability as you probably learned by now. Also, there was a moment when someone was submitting content and it appeared under my nick "bpfh".

Other than that, kudos for a simple well-functioning chat.


Thanks. Those two security issues are fixed now. It was nice chatting with you :)
> > Also, there was a moment when someone was submitting content and it appeared under my nick "bpfh".

> Thanks. Those two security issues are fixed now.

You fixed one way of nickname duplication, but so long as you allow arbitrary utf-8 strings, there are all sorts of non-printing characters to use. You should really get a list of everything to filter. I don't have any experience with node.js, so I don't know if anyone has written a library that does it.
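One way to close the gap described above, as an added node.js example that is not the chat author's code: normalize each nickname with NFKC, reject any string containing format, control or non-ASCII whitespace characters, and compare case-folded keys so lookalike spellings cannot register as a second user. The character classes, length limit and sample names are assumptions for the example.

```javascript
// Added example: canonical nickname registry for a chat server (not from the thread).
// Assumes nicknames arrive as JavaScript strings; every input below is constructed.

// Characters that render as nothing or alter layout: Unicode "format" (Cf, e.g. zero-width
// space, RTL override), "control" (Cc, e.g. tab) and any whitespace other than ASCII space.
const INVISIBLE = /[\p{Cf}\p{Cc}]|[^\S ]/u;

// Returns the key used for uniqueness checks, or null if the nickname is rejected.
// NFKC folds compatibility forms (fullwidth letters, ligatures) so "ｂｐｆｈ" and "bpfh"
// produce the same key instead of coexisting as two users.
function canonicalNick(raw) {
  if (typeof raw !== 'string') return null;
  const nick = raw.normalize('NFKC');
  if (INVISIBLE.test(nick)) return null;                 // reject, do not silently strip
  const trimmed = nick.replace(/ {2,}/g, ' ').trim();     // collapse runs of plain spaces
  if (trimmed.length < 1 || trimmed.length > 32) return null; // assumed length policy
  return trimmed.toLowerCase();                           // case-insensitive uniqueness
}

class NickRegistry {
  constructor() { this.taken = new Map(); }               // key -> display form

  // Claims a nickname for a new connection; never overwrites an existing key.
  claim(raw) {
    const key = canonicalNick(raw);
    if (key === null) return { ok: false, reason: 'invalid' };
    if (this.taken.has(key)) return { ok: false, reason: 'taken' };
    this.taken.set(key, raw.normalize('NFKC').trim());
    return { ok: true, key };
  }
}

// Constructed demonstration: each later attempt is a lookalike of the first claim.
const demo = new NickRegistry();
for (const attempt of ['bpfh', 'bpfh\u200b', '\u202ebpfh', 'ｂｐｆｈ', 'BPFH', 'bp\tfh']) {
  console.log(JSON.stringify(attempt), '->', JSON.stringify(demo.claim(attempt)));
}
```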