This broke when moving to the standard library for escaping and
unescaping HTML. The original escaping code replaced "//" with
"&x2F;&x2F;" while the standard library doesn't.
This still needs a bunch of work, but this should be OK until the UI is
rewritten.
The command injects a <script> tag to open up a new window. Mod and
admin commands are only shown to mods and admins (no authentication
happens for this).
Resolves#8 for now.
Don't allow the user to randomize their color if it was previously
changed by an mod. And don't change to a random color if an incorrect
argument was given for the command.