DH2 Fixed

Improve Diamond Hunt 2


Questions/Comments

Posted: 2017-02-26

Injection attacks

My instinct is that calling msg = msg.replace without encoding the url exposes users of this script to a script injection attack.

Zorbing (Author)
Posted: 2017-02-27

I originally thought a simple check for a link beginning with http:// or https:// would be enough. After some checks, I spotted that links like http://"><script>alert("lol!");</script><a href=" would be enough to break the chains (there are other examples for sure).

I improved the regular expression from

msg = msg.replace(/(https?:\/\/[^\s]+)/g, '<a target="_blank" href="$1">$1</a>');

to

msg = msg.replace(/(https?:\/\/[^\s"<>]+)/g, '<a target="_blank" href="$1">$1</a>');

You can check the new expression for potential leaks on sites like regexpal.com. If there are any, please tell me so I can fix them.

Thanks for helping me improving the accuracy of the script.
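The two replacement patterns from the reply above, run side by side on the quoted payload and on two ordinary messages. This is an added example, not code from the DH2 Fixed script; the message strings are constructed for the demonstration.

```javascript
// Constructed chat messages. PAYLOAD is the example quoted in the reply above.
const PAYLOAD = 'see http://"><script>alert("lol!");</script><a href=" now';
const QUERY_URL = 'see http://example.com/a?b=1&c=2 now';
const QUOTED_URL = 'visit "http://example.com"';

// Original pattern: everything up to the next whitespace becomes the href value,
// so a quote or angle bracket inside the "URL" closes the attribute early.
function linkifyOriginal(msg) {
  return msg.replace(/(https?:\/\/[^\s]+)/g, '<a target="_blank" href="$1">$1</a>');
}

// Tightened pattern: the URL may not contain whitespace, double quotes or
// angle brackets, so the matched text can never terminate the double-quoted
// href attribute or open a new tag.
function linkifyTightened(msg) {
  return msg.replace(/(https?:\/\/[^\s"<>]+)/g, '<a target="_blank" href="$1">$1</a>');
}

// Check helper: true when some href attribute value ends in a way that lets
// a tag follow immediately (the attribute was closed by the matched text).
function hrefBreaksOut(html) {
  return /href="[^"]*"><\w/.test(html);
}

// Returns the outputs so they can be inspected or asserted on.
function demo() {
  return {
    originalOnPayload: linkifyOriginal(PAYLOAD),
    tightenedOnPayload: linkifyTightened(PAYLOAD), // no match: message unchanged
    tightenedOnQuery: linkifyTightened(QUERY_URL),  // '&' in a query string is still allowed
    tightenedOnQuoted: linkifyTightened(QUOTED_URL) // closing quote stays outside the link
  };
}
```

The tightened pattern depends on the href being double-quoted and on the output containing no raw `<` or `>` from the match; a single quote is still accepted, which is harmless inside a double-quoted attribute.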
