Hii so basically server doesn’t check if the emoji sent by the client is valid so the client is able to change “title” and “alt” attributes for the emoji <img with inspect element and send a custom message in an emoji, for someone not experienced with computers it may seem like the person wrote the…

Possible security issue with discourse retort emojis

sam (Sam Saffron) May 15, 2022, 11:45pm 7

For future travelers here, our official plugin is:

This issue does not impact the official plugin.

4 Likes

Topic		Replies	Views
I don't know if this is my delusion or if it really existed Support	6	631	May 16, 2023
Discourse Retort Plugin end-of-life	476	65306	April 4, 2025
Add ... option to Discourse Reactions Feature reactions	12	2198	September 27, 2024
Reaction emojis Support	4	1120	January 15, 2024
Discourse Reactions Plugin official , reactions , included-in-core	48	37516	August 1, 2025