I'm making a comments system for my site and I'm seeking some advice. One thing to keep in mind: I do not require any account creation to make a comment.
First, I don't want the users to be able to use HTML, or any kind of scripting language for obvious reasons. But I would like to allow the users to be able to post their own code. Would using regular expressions to replace all '<' with '&lt;' keep any actual scripts or HTML from being added to the site?
I'd also like the user to be able to edit his or her own comment after it has been posted. Would creating a cookie effectively achieve this? Keep in mind I don't want to require an account creation to comment.
Last, is there anything else I need to worry about?
Thanks for any advice!

Adam
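
An added example, not part of the original post: a Python sketch of the two mechanisms the question asks about, escaping every HTML-significant character (not only '<') when a comment is rendered, and tying edit rights to a random per-comment token kept in a cookie. The function names and the in-memory `COMMENTS` store are hypothetical stand-ins for the site's own code and database.

```python
import hashlib
import hmac
import html
import secrets

# Constructed in-memory store standing in for the site's database (assumption).
COMMENTS = {}


def render_comment(text):
    """Escape &, <, >, " and ' so posted code displays as text, in element
    bodies and in quoted attribute values alike."""
    return html.escape(text, quote=True)


def post_comment(text):
    """Store the raw text and return (comment_id, edit_token).

    The token is what the site would set in the commenter's cookie; only its
    SHA-256 hash is stored, so a leaked comments table does not grant edits.
    """
    comment_id = len(COMMENTS) + 1
    token = secrets.token_urlsafe(32)  # unguessable, unlike a bare comment id
    COMMENTS[comment_id] = {
        "text": text,
        "token_hash": hashlib.sha256(token.encode()).hexdigest(),
    }
    return comment_id, token


def edit_comment(comment_id, cookie_token, new_text):
    """Apply the edit only when the cookie's token matches the stored hash."""
    record = COMMENTS.get(comment_id)
    if record is None or not cookie_token:
        return False
    presented = hashlib.sha256(cookie_token.encode()).hexdigest()
    # Constant-time comparison avoids leaking how much of the value matched.
    if not hmac.compare_digest(presented, record["token_hash"]):
        return False
    record["text"] = new_text
    return True


def render_stored(comment_id):
    """Escape at output time, so the stored text stays editable as typed."""
    return render_comment(COMMENTS[comment_id]["text"])
```

The raw text is stored and escaped only on output, so the commenter gets back exactly what was typed when editing.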