So, this is a basic question about my methods of sanitizing user input and remaining flexible to emoji usage and maybe eventually support markdown and other languages.
I am currently using MeteorJS with ReactJS and NodeJS. In React I am using ES6 classes.
First, I am using a simple RegEx to only allow certain characters.
(!description.match(/^[a-zA-Z0-9_!@#$%^&*\s.-?\\]*$/)) { // although, this still lets in <, >...
After this, I am using xss to remove cross site scripts.
And then finally, I would submit to my database with a schema checking data type and whitelist characters.
Rendering on client side, I was going to use twemoji to parse the string from the database and help to display emojis.
Is there is better way to do all of this? Or just general improvements? Thoughts?
via Daltron
No comments:
Post a Comment