Hii so basically server doesn’t check if the emoji sent by the client is valid so the client is able to change “title” and “alt” attributes for the emoji <img with inspect element and send a custom message in an emoji, for someone not experienced with computers it may seem like the person wrote the…

Possible security issue with discourse retort emojis

sam (Sam Saffron) May 15, 2022, 11:45pm 7

For future travelers here, our official plugin is:

This issue does not impact the official plugin.

4 Likes

Topic		Replies	Views
Is there an API that can convert a topic into a PDF file? Support	1	46	February 19, 2025
Composer Footnote Button Theme component footnote , end-of-life	5	1170	May 10, 2025
How to add more emojis to like button Support	2	42	March 10, 2025
Has anyone used Discourse as a multi-user blog system? Feature	7	1465	August 5, 2020
How to replace text and update dynamically Support	3	852	November 4, 2022