Hello,
approximately a month ago, I told the nowjs guys about this issue.
Basically, everyone who can connect to a nowjs server is able to lock
it into an infinite loop forever just by sending a little JSON message
from a connected browser. I have a PoC, and I sent it to
te...@flotype.com Nov 30. If they don't release a patch within two
weeks or so, I'll send this PoC to the nodejs ML.