dfw4ever·5 年前·議論You should sanitize the messages on the server side, not the client. It's possible to inject images/scripts/links on the page.