(no title)

> Thanks. Those two security issues are fixed now.

You fixed one way of nickname duplication, but so long as you allow arbitrary utf-8 strings, there are all sorts of non-printing characters to use. You should really get a list of everything to filter. I don't have any experience with node.js, so I don't know if anyone has written a library that does it.