Add bare minimum input sanitization

This is not secure at all, and I'm not sure where I broke Mastodon's
built-in sanitization, but whatever.

src/View/Formatter.elm

@@ -123,7 +123,14 @@ toVirtualDomEach mentions emoji node =
 -- VERY janky.
 handleEmoji : String -> List Emoji -> Html Msg
 handleEmoji s emojis =
-  span [ property "innerHTML" <| Json.Encode.string <| Regex.replace Regex.All shortcodeRegex (\{match} -> displayEmoji match emojis) <| s ] []
+  span [ property "innerHTML" <| Json.Encode.string <| Regex.replace Regex.All shortcodeRegex (\{match} -> displayEmoji match emojis) <| simpleSanitize <| s ] []
+
+
+simpleSanitize : String -> String
+simpleSanitize content =
+    content
+        |> replace "<" "&lt;"
+        |> replace ">" "&gt;"
 
 
 displayEmoji : String -> List Emoji -> String