Fix vulnerable client script in Emoji Replacer

This PR, #2590, introduced a small utility widget. While useful, it unfortunately includes an unnecessary degree of trust for user input which makes it vulnerable. Raising this issue to address that.