Describe the bug
See title

To Reproduce
Steps to reproduce the behavior:

1. Log in with a username like <b>test</b>
2. Look towards the bottom right corner

Screenshots
If applicable, add screenshots to help explain your problem.

Additional context
Add any other context about the problem here.
A simple one line fix, just add filtering here

@PatheticMustan This is only possible if you're admin, as usually you're username has to go through DOMpurify otherwise.

no.... if you just look at the line I linked, it doesn't put anything through DOMpurify
I haven't looked at if the admin or other users can view this, but I would guess not.
it's just a minor issue, but i thought i should point it out

Na, because it's in chat.js. If the client managed to get to chat.js, (got past join.js), it means that the username has already been filtered by the server.

Wait hol up i dont think DOMpurify sanitizes usernames @udu3324 take a look this issue is very important bc anti xss could be broken by this

Thank you for finding a bug! DOMpurify was scanning for XSS sucessfully, but not for safe tags/elements like bold and underline

Commit be0cebd fixes this & allows users with < and > to be mentioned

Usernames are XSS scanned even if they're an admin btw