How to handle contenteditable input with emojis safely?

Posted 5 months ago by mvoit

Hi guys!

On my website (laravel + vue), the user can place texts and comments and even insert emojis (I use emojione: ).

My problem is sanitizing the text and rendering it correctly . User enters some html and emojis, I sanitize everything, store the raw text with the emojis' utf-code in MySQL. And then, when displaying, I fetch the text, convert the text with its utf-emojis to text with html-img-tags for the emojis and render it vue's v-html="..." attribute.

Somehow, I don't trust sanitization completely. I still get cases here and there, where not all tags are removed completely. And rendering the text via v-html in vue seems bogus to me...However, displaying as text only does not allow for emoji-images.

And as much as I search, I don't find best practices online on how to handle this use case!? Can you guys please help me?

Please sign in or create an account to participate in this conversation.

Reply to

Use Markdown with GitHub-flavored code blocks.