InnovateAsterisk / Browser-Phone

A fully featured browser based WebRTC SIP phone for Asterisk
https://www.innovateasterisk.com
GNU Affero General Public License v3.0
489 stars, 241 forks

Set Status and HTML code #375

Open vieridipaola opened 1 year ago

vieridipaola commented 1 year ago

friendlyState = friendlyState.replace(/[<>"'\r\n&]/g, function(chr){

is OK to avoid code injection, but it does not allow for "safe?" HTML code such as fontawesome icons, e.g. &nbsp;<span style="color:orange;"><i class="fa fa-hand-spock-o"></i></span>&nbsp;<i class="fa fa-phone"></i>

Would it be possible to allow for HTML code (maybe filtering out potentially disturbing formats/tags) but not javascript code?

InnovateAsterisk commented 1 year ago

I'm thinking the (emoticon) unicode characters are more platform compatible and "nicer" than the font-awesome, not so? e.g.: 🖖🏼 📞

vieridipaola commented 1 year ago

Ah, yes, very good point. Was never fully aware of what the emoticon world had to offer... Will do. Thanks!

vieridipaola commented 1 year ago

BTW you wouldn't happen to know how to change the color of an emoticon? e.g. 👌🏻 makes the thumbs-up a bit lighter, but how can I make it green or red or whatever? HTML span styling is easier of course. I wonder if I can easily change an emoji color.

Sorry if this question goes beyond the scope of Browser Phone...

InnovateAsterisk commented 1 year ago

On Mac, you click and hold until the option appears:

[image]

vieridipaola commented 1 year ago

Yeah, I get there's a way to customize (skin), but no easy out-of-the-box way to show e.g. the same hand in different colors such as red, green, yellow, etc. Fontawesome icons work great with spans. I don't need to do any extra work.

Would it be possible to have a Browser Phone setting regarding "securing" the set status function? For instance: a "strict" setting would apply what phone.js is currently applying, but a "loose" setting would block javascript but allow HTML. How to do that... well, I don't know but a regexp that would search for the "script" tag would be enough I guess. Sure, plain HTML can also create UI havoc if inappropriate, but it should not be a security issue.
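The usual way to build the "loose" setting described in this thread is an allowlist rather than a blocklist: keep only the tags and attributes the status line actually needs (a coloured span and a Font Awesome icon), rebuild each tag from scratch, and escape everything else as text. Event-handler attributes and unlisted tags are then dropped without having to enumerate them. The following is an added example, not Browser-Phone's own code: the policy (ALLOWED_TAGS, ATTR_POLICY), the function names (sanitizeStatus, rebuildTag, escapeText) and the sample inputs are all assumptions constructed for this illustration.

```javascript
// Added example (not Browser-Phone's code): an allowlist sanitizer for the
// "loose" status setting discussed above. Assumed policy: only the tags in
// ALLOWED_TAGS survive; <span> may carry a style limited to a single colour
// and <i> may carry Font Awesome classes; every other tag is shown as literal
// text and every other attribute is dropped. All names here are hypothetical.

const ALLOWED_TAGS = new Set(["span", "i", "b", "em", "strong", "br"]);

// Per-tag attribute policy: attribute name -> regexp the value must match.
const ATTR_POLICY = {
  span: { style: /^color\s*:\s*(#[0-9a-fA-F]{3,6}|[a-zA-Z]+)\s*;?$/ },
  i:    { class: /^(fa|fa-[a-z0-9-]+)(\s+(fa|fa-[a-z0-9-]+))*$/ },
};

// Escape text the way the strict setting does, but let already-written
// entities such as &nbsp; or &#128222; through (they decode to text, never markup).
function escapeText(s) {
  return s
    .replace(/&(?!(?:[a-zA-Z]+|#\d+|#x[0-9a-fA-F]+);)/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Rebuild one tag from scratch, keeping only policy-approved attributes.
function rebuildTag(raw, name, attrText) {
  if (!ALLOWED_TAGS.has(name)) return escapeText(raw); // e.g. <script>: shown as text
  if (raw.startsWith("</")) return `</${name}>`;        // closing tags carry no attributes
  const policy = ATTR_POLICY[name] || {};
  const kept = [];
  const ATTR_RE = /([^\s=\/]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+)))?/g;
  let a;
  while ((a = ATTR_RE.exec(attrText)) !== null) {
    const attr = a[1].toLowerCase();
    const value = a[2] !== undefined ? a[2] : a[3] !== undefined ? a[3] : (a[4] || "");
    if (policy[attr] && policy[attr].test(value)) {
      kept.push(`${attr}="${escapeText(value)}"`);
    }
    // on* handlers, href, id, unlisted style rules etc. fall through and are dropped
  }
  return `<${name}${kept.length ? " " + kept.join(" ") : ""}>`;
}

// Walk the input: text between tags is entity-escaped, tags are rebuilt or escaped.
function sanitizeStatus(input) {
  const TAG_RE = /<\/?([a-zA-Z][a-zA-Z0-9]*)([^>]*)>/g;
  let out = "";
  let last = 0;
  let m;
  while ((m = TAG_RE.exec(input)) !== null) {
    out += escapeText(input.slice(last, m.index));
    out += rebuildTag(m[0], m[1].toLowerCase(), m[2]);
    last = m.index + m[0].length;
  }
  return out + escapeText(input.slice(last));
}

// Constructed sample inputs: the Font Awesome status from the issue, plus two
// strings the "loose" setting must neutralise.
const SAMPLES = [
  '&nbsp;<span style="color:orange;"><i class="fa fa-hand-spock-o"></i></span>&nbsp;<i class="fa fa-phone"></i>',
  '<span onclick="doSomething()" style="color:red">Busy</span>',
  '<script>doSomething()</script>Away',
];

for (const s of SAMPLES) console.log(sanitizeStatus(s));
```

The first sample passes through unchanged, the second comes out as `<span style="color:red">Busy</span>`, and the third is rendered as visible text rather than executed. Because tags are rebuilt rather than filtered, a malformed tag (unbalanced quotes, a stray `>`) degrades to escaped text instead of to markup, and the strict setting remains a special case of the same function with an empty allowlist.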