deti.mail.ru allowed to insert javascript: links into post content leading to self XSS possibility on message editing