From 4955f3eea7864b544908470c764398340caaf60e Mon Sep 17 00:00:00 2001
From: lebaudantoine
Date: Thu, 27 Feb 2025 23:45:42 +0100
Subject: [PATCH] =?UTF-8?q?=F0=9F=94=92=EF=B8=8F(frontend)=20validate=20em?= =?UTF-8?q?oji=20in=20notifications=20to=20prevent=20forbidden=20emoji?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Add validation for emoji received through notifications to ensure participants cannot send forbidden emoji characters. Improves security by filtering potentially problematic content before display.
---
 .../src/features/notifications/MainNotificationToast.tsx | 7 +++++--
 .../rooms/livekit/components/controls/ReactionsToggle.tsx | 4 ++--
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/src/frontend/src/features/notifications/MainNotificationToast.tsx b/src/frontend/src/features/notifications/MainNotificationToast.tsx
index 0cbeb71f..81520967 100644
--- a/src/frontend/src/features/notifications/MainNotificationToast.tsx
+++ b/src/frontend/src/features/notifications/MainNotificationToast.tsx
@@ -7,7 +7,10 @@ import { NotificationDuration } from './NotificationDuration'
 import { Div } from '@/primitives'
 import { ChatMessage, isMobileBrowser } from '@livekit/components-core'
 import { useNotificationSound } from '@/features/notifications/hooks/useSoundNotification'
-import { Reaction } from '@/features/rooms/livekit/components/controls/ReactionsToggle'
+import {
+ EMOJIS,
+ Reaction,
+} from '@/features/rooms/livekit/components/controls/ReactionsToggle'
 import {
 ANIMATION_DURATION,
 ReactionPortals,
@@ -44,7 +47,7 @@ export const MainNotificationToast = () => {
 }, [room, triggerNotificationSound])
 const handleEmoji = (emoji: string, participant: Participant) => {
- if (!emoji) return
+ if (!emoji || !EMOJIS.includes(emoji)) return
 const id = instanceIdRef.current++
 setReactions((prev) => [
 ...prev,
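Review bot: The new guard in `handleEmoji` carries no comment saying that `emoji` is data received from another participant and that `EMOJIS` is the allowlist for it, so a later edit to the picker list silently changes what the receiver accepts; I would add `// emoji comes from a remote participant: only render values in the EMOJIS allowlist` above the check. With the allowlist in place `!emoji` is redundant, since an empty value is never in `EMOJIS`, so `if (!EMOJIS.includes(emoji)) return` says the same thing. The check bounds which characters are displayed, not how many: `setReactions` still appends one entry per accepted message, and whether a per-participant limit exists is not visible here. `handleEmoji` continues past the end of the hunk.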
diff --git a/src/frontend/src/features/rooms/livekit/components/controls/ReactionsToggle.tsx b/src/frontend/src/features/rooms/livekit/components/controls/ReactionsToggle.tsx
index 1d480984..4bfa88e6 100644
--- a/src/frontend/src/features/rooms/livekit/components/controls/ReactionsToggle.tsx
+++ b/src/frontend/src/features/rooms/livekit/components/controls/ReactionsToggle.tsx
@@ -13,7 +13,8 @@ import {
 import { Toolbar as RACToolbar } from 'react-aria-components'
 import { Participant } from 'livekit-client'
-const EMOJIS = ['👍', '👎', '👏', '❤️', '😂', '😮', '🎉']
+// eslint-disable-next-line react-refresh/only-export-components
+export const EMOJIS = ['👍', '👎', '👏', '❤️', '😂', '😮', '🎉']
 export interface Reaction {
 id: number
@@ -144,7 +145,6 @@ export const ReactionsToggle = () => { )} - )
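Review bot: `EMOJIS` is exported as a plain mutable `string[]` while the other file in this commit now uses it as the allowlist for remote reaction data, so any importing module could push to it and widen what the receiver accepts; typing it `export const EMOJIS: readonly string[] = [...]` (or freezing it) keeps `EMOJIS.includes(emoji)` compiling and prevents that. The `eslint-disable-next-line react-refresh/only-export-components` is needed only because the constant lives in a component file; moving the list to a small non-component module that both the toggle and the notification toast import would remove the suppression and the notification feature's dependency on a control component. A one-line comment that the list is also the receive-side allowlist would help whoever edits the picker next.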