You should sanitize the messages on the server side, not the client. It's possible to inject images/scripts/links on the page.
You should sanitize the messages on the server side, not the client. It's possible to inject images/scripts/links on the page.