How to handle contenteditable input with emojis safely?

Posted 5 months ago by mvoit

Hi guys!

On my website (laravel + vue), the user can place texts and comments and even insert emojis (I use emojione: ).

My problem is sanitizing the text and rendering it correctly . User enters some html and emojis, I sanitize everything, store the raw text with the emojis' utf-code in MySQL. And then, when displaying, I fetch the text, convert the text with its utf-emojis to text with html-img-tags for the emojis and render it vue's v-html="..." attribute.

Somehow, I don't trust sanitization completely. I still get cases here and there, where not all tags are removed completely. And rendering the text via v-html in vue seems bogus to me...However, displaying as text only does not allow for emoji-images.

And as much as I search, I don't find best practices online on how to handle this use case!? Can you guys please help me?

Please sign in or create an account to participate in this conversation.