microcosm-cc / bluemonday

bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS
https://github.com/microcosm-cc/bluemonday
BSD 3-Clause "New" or "Revised" License

How to allow emojis? #82

Closed k0fi closed 5 years ago

k0fi commented 5 years ago

Using the sanitization rule below converts emojis like 😀 to ?:

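import "github.com/microcosm-cc/bluemonday"

// StripHtml sanitizes s with bluemonday's user-generated-content policy,
// additionally allowing the class attribute on img elements.
func StripHtml(s string) string {
    p := bluemonday.UGCPolicy()
    p.AllowAttrs("class").OnElements("img")
    return p.Sanitize(s)
}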

I'm wondering how I can allow emojis to be saved without lowering the sanitization bar too much?

k0fi commented 5 years ago

It turned out that the snippet above works just fine to accept emojis. My problem was in the MySQL database. When I changed the column's collation to utf8mb4_bin, the problem was gone. Sorry, please close the issue.

buro9 commented 5 years ago

Sounds good to me :)

And yes, database collation is a gotcha, as is passing the output of this through another language and not ensuring that UTF is the charset, etc.
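The storage gotcha discussed in this thread, as an added example that is not part of the original issue or of bluemonday: a standard-library check to run on sanitized output before it is written to a database. The names CheckStorable, Finding and SimulateLossyStore are hypothetical, and the '?' substitution is a model of the symptom reported above, not MySQL's actual code path.

```go
package main

import (
	"fmt"
	"strings"
	"unicode/utf8"
)

// Finding is one rune that a 3-byte MySQL "utf8" (utf8mb3) column cannot hold.
type Finding struct {
	Offset int  // byte offset of the rune in the input
	Rune   rune // code point outside the Basic Multilingual Plane
}

// CheckStorable reports whether s is valid UTF-8 and lists every rune that
// encodes to 4 bytes, i.e. every rune that needs a utf8mb4 column/connection.
func CheckStorable(s string) (validUTF8 bool, needs4 []Finding) {
	validUTF8 = utf8.ValidString(s)
	for i, r := range s { // invalid bytes decode to U+FFFD (3 bytes), so they are skipped here
		if utf8.RuneLen(r) == 4 {
			needs4 = append(needs4, Finding{Offset: i, Rune: r})
		}
	}
	return validUTF8, needs4
}

// SimulateLossyStore models the symptom from the issue: each rune that does
// not fit in 3 bytes comes back as '?', everything else is unchanged.
func SimulateLossyStore(s string) string {
	return strings.Map(func(r rune) rune {
		if utf8.RuneLen(r) == 4 {
			return '?'
		}
		return r
	}, s)
}

func main() {
	// Constructed sample standing in for output of the sanitizer.
	clean := "<p>Nice post 😀, café</p>"
	valid, needs4 := CheckStorable(clean)
	fmt.Printf("valid UTF-8: %v\n", valid)
	for _, f := range needs4 {
		fmt.Printf("byte %d: U+%04X needs utf8mb4\n", f.Offset, f.Rune)
	}
	fmt.Println("3-byte charset would store:", SimulateLossyStore(clean))
}
```

The é survives the simulated store because it encodes to 2 bytes; only the emoji, a 4-byte sequence, is lost.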