@@ -9,6 +9,9 @@
 
 // Listen for the announce event.
 io.on('announce', function(data) {
+    // Remove the html tags to prevent XSS
+    data = $('<div/>').text(data).text();
+  
     $('body').append('<p>'+data.message+ new Date().toString()+'</p>')
 })
 
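Review bot: The added `data = $('<div/>').text(data).text();` does not escape anything, because reading back with `.text()` returns the same characters that were set, so any markup in the payload still reaches the HTML string built in the `append` call below. Since the handler reads `data.message`, `data` is presumably an object, in which case the round trip would coerce it to a string and `data.message` would become `undefined`, losing the message. I would drop the added line and have jQuery set the content as text instead of concatenating HTML: `$('<p/>').text(data.message + new Date().toString()).appendTo('body');`. The comment should then say that the message is inserted as text rather than that tags are removed.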