On my website (laravel + vue), the user can place texts and comments and even insert emojis (I use emojione: https://github.com/emojione/emojione ).
My problem is sanitizing the text and rendering it correctly . User enters some html and emojis, I sanitize everything, store the raw text with the emojis' utf-code in MySQL. And then, when displaying, I fetch the text, convert the text with its utf-emojis to text with html-img-tags for the emojis and render it vue's v-html="..." attribute.
Somehow, I don't trust sanitization completely. I still get cases here and there, where not all tags are removed completely. And rendering the text via v-html in vue seems bogus to me...However, displaying as text only does not allow for emoji-images.
And as much as I search, I don't find best practices online on how to handle this use case!? Can you guys please help me?