[emil]

Im no XSS-expert, but img-tags are probably a bad idea, consider:

HTML Code:

<img src="http://evil.host/evil.php?evil=1">

Plain text comments, with the ability to add comment-addons that allow html-tags, sounds like the best idea.