@NayeemKaka NayeemKaka commented Oct 28, 2025

PR Description:

This widget enhances the user experience by automatically converting emoji codes into visual emojis while typing - adding personality and clarity to text communication.

Pull Request Checklist

Overview

  • Put an x inside of the square brackets to check each item.
  • I have read and understood the CONTRIBUTING.md guidelines
  • My pull request has a descriptive title that accurately reflects the changes and the description has been filled in above.
  • I've included only files relevant to the changes described in the PR title and description
  • I've created a new branch in my forked repository for this contribution

Code Quality

  • My code is relevant to ServiceNow developers
  • My code snippets expand meaningfully on official ServiceNow documentation (if applicable)
  • I've disclosed use of ES2021 features (if applicable)
  • I've tested my code snippets in a ServiceNow environment (where possible)

Repository Structure Compliance

  • I've placed my code snippet(s) in one of the required top-level categories:
    • Core ServiceNow APIs/
    • Server-Side Components/
    • Client-Side Components/
    • Modern Development/
    • Integration/
    • Specialized Areas/
  • I've used appropriate sub-categories within the top-level categories
  • Each code snippet has its own folder with a descriptive name

Documentation

  • I've included a README.md file for each code snippet
  • The README.md includes:
    • Description of the code snippet functionality
    • Usage instructions or examples
    • Any prerequisites or dependencies
    • (Optional) Screenshots or diagrams if helpful

Restrictions

  • My PR does not include XML exports of ServiceNow records
  • My PR does not contain sensitive information (passwords, API keys, tokens)
  • My PR does not include changes that fall outside the described scope

@wiz0floyd wiz0floyd self-assigned this Oct 28, 2025
@github-actions

👋 Unassigning @wiz0floyd due to inactivity (> 60 min without comments/reviews). This PR remains open for other reviewers.

@SapphicFire SapphicFire self-assigned this Oct 28, 2025
@SapphicFire SapphicFire left a comment

This looks good to me. Be very careful when trusting user input, as this can be used maliciously.

var regex = new RegExp(key.replace(/([.*+?^${}()|\[\]\/\\])/g,"\\$1"),'g');
text = text.replace(regex,c.emojiMap[key]);
}
c.outputText= $sce.trustAsHtml(text);
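
Review bot: `c.outputText= $sce.trustAsHtml(text);` marks the whole string as trusted HTML, but nothing in these lines HTML-escapes `text` before or after the emoji substitution, so any markup the user typed is handed to the view as markup. Escape the user-supplied text before the replacement runs, or, if the `emojiMap` values are plain Unicode characters, bind `c.outputText` as text and drop `$sce.trustAsHtml()` altogether.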

This use of $sce.trustAsHtml() gives explicit trust to the input and makes this widget vulnerable - using the below input will allow XSS:
<script>alert("XSS");</script>. I'll create an issue and quickly resolve this in a follow-up.
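
The escape-before-substitute fix for the issue raised in the comment above, as an added example that is not part of the PR or the merged widget. The sample `emojiMap` and all function names are assumptions; `renderUnsafe` mirrors the reviewed loop, `renderSafe` escapes every piece of user text so the result is inert in an HTML text context.

```javascript
// Added example: sample map and function names are assumptions, not the widget's code.
const emojiMap = { ':smile:': '😄', ':heart:': '❤️', ':)': '🙂' }; // constructed sample

const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that are significant in HTML text and attribute contexts.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Make an emoji code safe to embed in a RegExp (":)" contains a metacharacter).
function escapeRegExp(value) {
  return value.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// Shape of the reviewed code: substitution on raw input, result later trusted as HTML.
function renderUnsafe(input, map) {
  let text = String(input);
  for (const key of Object.keys(map)) {
    text = text.replace(new RegExp(escapeRegExp(key), 'g'), map[key]);
  }
  return text; // still contains whatever markup the user typed
}

// Hardened: split on emoji codes, escape every piece of user text, then join.
function renderSafe(input, map) {
  const keys = Object.keys(map).sort((a, b) => b.length - a.length); // longest code first
  if (keys.length === 0) return escapeHtml(input);
  const codes = new RegExp('(' + keys.map(escapeRegExp).join('|') + ')');
  return String(input)
    .split(codes) // odd indexes are matched codes, even indexes are user text
    .map((part, i) => escapeHtml(i % 2 === 1 ? map[part] : part))
    .join('');
}

const sample = '<script>alert("XSS");</script> nice :smile: :)'; // payload quoted on the page
console.log(renderUnsafe(sample, emojiMap));
console.log(renderSafe(sample, emojiMap));
```

Splitting on the codes rather than escaping first and substituting afterwards keeps an emoji code from matching inside an entity such as `&lt;` that the escaping step itself produced.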

@SapphicFire SapphicFire merged commit 5b4f8b5 into ServiceNowDevProgram:main Oct 28, 2025
1 check passed