Emojis and Regular Expressions for Text Input Fields

In my app I have some text input fields that I was using regular expressions on via aldeed:meteor-collection-2 to lock down what type of characters could be inserted by the user. These text inputs also have to handle Twitter and Instagram bodies because they’re part of a “post object” that is either sourced by user input OR a Social Media post body. I quickly found that my regular expressions wouldn’t pass for any Emoji characters that people use in their Tweets and IG posts (among the many other characters used). So I removed my regular expressions off my text inputs altogether.

Is there a danger in this? Do Meteor and/or Mongo do any kind of automatic cleansing/protection of text inputs from the client inherently? Are there any tools and/or regular expressions for handling Emoji characters? I know there are some regular expressions out there on Stack Overflow but I’m afraid to use one because new Emoji characters will come out over time. And the expressions are really long and I wondered if there was a better way. I guess I could update my RegEx when new Unicode characters are released.

Does leaving a text field open with no RegEx whatsoever leave my app vulnerable to any kind of script injection attacks?

I’m not sure if this helps, but it would be my assumption that emojis would come in a range or maybe a couple of ranges of Unicode characters. I’m not certain, but you should be able to match the range(s) with your regex. As far as script injection goes, this should not be an issue unless you use triple brace tags like {{{contentWithScript}}}. If you stick to using double braces then Spacebars will handle escaping and not allow for this type of security hole.

1 Like
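An added example, not part of any post in this thread: a character check built on Unicode property escapes instead of hand-maintained emoji ranges, next to an HTML-escaping function that shows why output escaping, not the regex, is what neutralises markup. The names `isAcceptablePostBody`, `escapeHtml` and `MAX_CODE_POINTS` are hypothetical, and `escapeHtml` is a stand-in for the escaping that double-brace tags perform, not Blaze's own code.

```javascript
// Added example; all names and sample strings here are constructed.
// Property escapes (\p{...}) use the Unicode data shipped with the JS engine,
// so the pattern does not need a hand-edited list of emoji code points.
const ALLOWED_TEXT = new RegExp(
  '^[\\p{L}\\p{M}\\p{N}\\p{P}\\p{S}\\p{Zs}' +            // letters, marks, digits, punctuation, symbols, spaces
  '\\p{Extended_Pictographic}\\p{Emoji_Modifier}' +      // emoji and skin-tone modifiers
  '\\p{Regional_Indicator}\\u200D\\uFE0F' +              // flags, zero-width joiner, emoji variation selector
  '\\r\\n\\t]*$', 'u');

const MAX_CODE_POINTS = 500; // assumed limit, counted in code points rather than UTF-16 units

// Input-side check: rejects control characters, bidi overrides, lone surrogates
// and over-long input. It deliberately does NOT try to reject "<" or ">".
function isAcceptablePostBody(text) {
  if (typeof text !== 'string') return false;
  if ([...text].length > MAX_CODE_POINTS) return false;
  return ALLOWED_TEXT.test(text);
}

// Output-side defence: the kind of escaping a double-brace tag applies
// before the value reaches the DOM (stand-in implementation).
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
function escapeHtml(text) {
  return text.replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Constructed sample bodies.
const samples = [
  'Great game tonight \u{1F389}\u{1F44D}\u{1F3FD}',   // emoji with skin-tone modifier
  '\u{1F468}\u200D\u{1F469}\u200D\u{1F467} at the park', // ZWJ family sequence
  '#\uFE0F\u20E3 trending \u{1F1EF}\u{1F1F5}',        // keycap and flag
  '<script>alert(1)</script>',                        // passes the character check
  'hello\u0000world',                                 // NUL control character
  'abc\u202Edef',                                     // right-to-left override
];

for (const body of samples) {
  console.log(isAcceptablePostBody(body), JSON.stringify(escapeHtml(body)));
}
```

The markup sample passes the character check because its characters are ordinary punctuation and symbols; it is only rendered harmless by escaping at output.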

Take a look at this: emoji-picker package

1 Like