In my app I have some text input fields that I was using regular expressions on via aldeed:meteor-collection-2 to lock down what type of characters could be inserted by the user. These text inputs also have to handle Twitter and Instagram bodies because they’re part of a “post object” that is either sourced by user input OR a Social Media post body. I quickly found that my regular expressions wouldn’t pass for any Emoji characters that people use in their Tweets and IG posts (among the many other characters used). So I removed my regular expressions off my text inputs altogether.
Is there a danger in this? Does Meteor and/or Mongo do any kind of automatic cleansing/protection of text inputs from the client inherently? Is there any tools and/or regular expressions for handling Emoji characters? I know there’s some regular expressions out there on Stack Overflow but I’m afraid to use one because new Emoji characters will come out over time. And the expressions are really long and I wondered if there was a better way. I guess I could update my RegEx when new unicode characters are released.
Does leaving a text field open with no RegEx whatsoever leave my app vulnerable to any kind of script injection attacks?