fix(ChatRoom) filter out bogus reaction emojis

modules/xmpp/ChatRoom.js

 import { getLogger } from '@jitsi/logger';
+import emojiRegex from 'emoji-regex';
 import $ from 'jquery';
 import { isEqual } from 'lodash-es';
 import { $iq, $msg, $pres, Strophe } from 'strophe.js';
 
 const logger = getLogger('modules/xmpp/ChatRoom');
 
+/**
+ * Regex that matches all emojis.
+ */
+const EMOJI_REGEX = emojiRegex();
+
 /**
  * How long we're going to wait for IQ response, before timeout error is triggered.
  * @type {number}
      * @param {string} receiverId - The receiver of the message if it is private.
      */
     sendReaction(reaction, messageId, receiverId) {
+        const m = reaction.match(EMOJI_REGEX);
+
+        if (!m || !m[0]) {
+            throw new Error(`Invalid reaction: ${reaction}`);
+        }
+
         // Adds the 'to' attribute depending on if the message is private or not.
         const msg = receiverId ? $msg({ to: `${this.roomjid}/${receiverId}`,
             type: 'chat' }) : $msg({ to: this.roomjid,
 
         msg.c('reactions', { id: messageId,
             xmlns: 'urn:xmpp:reactions:0' })
-            .c('reaction', {}, reaction)
+            .c('reaction', {}, m[0])
             .up().c('store', { xmlns: 'urn:xmpp:hints' });
 
         this.connection.send(msg);
 
             reactions.each((_, reactionElem) => {
                 const reaction = $(reactionElem).text();
+                const m = reaction.match(EMOJI_REGEX);
 
-                reactionList.push(reaction);
+                // Only allow one reaction per <reaction> element.
+                if (m && m[0]) {
+                    reactionList.push(m[0]);
+                }
             });
 
-            this.eventEmitter.emit(XMPPEvents.REACTION_RECEIVED, from, reactionList, messageId);
+            if (reactionList.length > 0) {
+                this.eventEmitter.emit(XMPPEvents.REACTION_RECEIVED, from, reactionList, messageId);
+            }
 
             return true;
         }

modules/xmpp/ChatRoom.spec.js

                 '</message>');
         });
     });
-});
 
+    describe('onMessage - reaction', () => {
+        let room;
+        let emitterSpy;
+
+        beforeEach(() => {
+            const xmpp = {
+                moderator: new Moderator({
+                    options: {}
+                }),
+                options: {},
+                addListener: () => {} // eslint-disable-line no-empty-function
+            };
+
+            room = new ChatRoom(
+                {} /* connection */,
+                'jid',
+                'password',
+                xmpp,
+                {} /* options */);
+            emitterSpy = spyOn(room.eventEmitter, 'emit');
+        });
+
+        it('parses reactions correctly', () => {
+            const msgStr = '' +
+                '<message to="jid" type="groupchat" xmlns="jabber:client">' +
+                    '<reactions id="mdgId123" xmlns="urn:xmpp:reactions:0">' +
+                        '<reaction>👍</reaction>' +
+                    '</reactions>' +
+                    '<store xmlns="urn:xmpp:hints"/>' +
+                '</message>';
+            const msg = new DOMParser().parseFromString(msgStr, 'text/xml').documentElement;
+
+            room.onMessage(msg, 'fromjid');
+            expect(emitterSpy.calls.count()).toEqual(1);
+            expect(emitterSpy).toHaveBeenCalledWith(
+                XMPPEvents.REACTION_RECEIVED,
+                'fromjid',
+                ['👍'],
+                'mdgId123');
+        });
+        it('parses multiple reactions correctly', () => {
+            const msgStr = '' +
+                '<message to="jid" type="groupchat" xmlns="jabber:client">' +
+                    '<reactions id="mdgId123" xmlns="urn:xmpp:reactions:0">' +
+                        '<reaction>👍</reaction>' +
+                        '<reaction>👎</reaction>' +
+                    '</reactions>' +
+                    '<store xmlns="urn:xmpp:hints"/>' +
+                '</message>';
+            const msg = new DOMParser().parseFromString(msgStr, 'text/xml').documentElement;
+
+            room.onMessage(msg, 'fromjid');
+            expect(emitterSpy.calls.count()).toEqual(1);
+            expect(emitterSpy).toHaveBeenCalledWith(
+                XMPPEvents.REACTION_RECEIVED,
+                'fromjid',
+                ['👍', '👎'],
+                'mdgId123');
+        });
+        it('parses partially bogus reactions correctly', () => {
+            const msgStr = '' +
+                '<message to="jid" type="groupchat" xmlns="jabber:client">' +
+                    '<reactions id="mdgId123" xmlns="urn:xmpp:reactions:0">' +
+                        '<reaction>👍 foo bar baz</reaction>' +
+                    '</reactions>' +
+                    '<store xmlns="urn:xmpp:hints"/>' +
+                '</message>';
+            const msg = new DOMParser().parseFromString(msgStr, 'text/xml').documentElement;
+
+            room.onMessage(msg, 'fromjid');
+            expect(emitterSpy.calls.count()).toEqual(1);
+            expect(emitterSpy).toHaveBeenCalledWith(
+                XMPPEvents.REACTION_RECEIVED,
+                'fromjid',
+                ['👍'],
+                'mdgId123');
+        });
+        it('parses bogus reactions correctly', () => {
+            const msgStr = '' +
+                '<message to="jid" type="groupchat" xmlns="jabber:client">' +
+                    '<reactions id="mdgId123" xmlns="urn:xmpp:reactions:0">' +
+                        '<reaction>foo bar baz</reaction>' +
+                    '</reactions>' +
+                    '<store xmlns="urn:xmpp:hints"/>' +
+                '</message>';
+            const msg = new DOMParser().parseFromString(msgStr, 'text/xml').documentElement;
+
+            room.onMessage(msg, 'fromjid');
+            expect(emitterSpy.calls.count()).toEqual(0);
+        });
+    });
+
+    describe('sendReaction', () => {
+        let room;
+        let connectionSpy;
+
+        beforeEach(() => {
+            const xmpp = {
+                moderator: new Moderator({
+                    options: {}
+                }),
+                options: {},
+                addListener: () => {} // eslint-disable-line no-empty-function
+            };
+
+            room = new ChatRoom(
+                // eslint-disable-next-line no-empty-function
+                { send: () => {} } /* connection */,
+                'jid',
+                'password',
+                xmpp,
+                {} /* options */);
+            connectionSpy = spyOn(room.connection, 'send');
+        });
+        it('sends a valid emoji reaction message', () => {
+            room.sendReaction('👍', 'mdgId123', 'participant1');
+            expect(connectionSpy.calls.argsFor(0).toString()).toBe(
+                '<message to="jid/participant1" type="chat" xmlns="jabber:client">' +
+                '<reactions id="mdgId123" xmlns="urn:xmpp:reactions:0"><reaction>👍</reaction></reactions>' +
+                '<store xmlns="urn:xmpp:hints"/></message>');
+        });
+        it('sends only valid emoji reaction message', () => {
+            room.sendReaction('I like this 👍', 'mdgId123', 'participant1');
+            expect(connectionSpy.calls.argsFor(0).toString()).toBe(
+                '<message to="jid/participant1" type="chat" xmlns="jabber:client">' +
+                '<reactions id="mdgId123" xmlns="urn:xmpp:reactions:0"><reaction>👍</reaction></reactions>' +
+                '<store xmlns="urn:xmpp:hints"/></message>');
+        });
+        it('sends only the first valid emoji reaction message', () => {
+            room.sendReaction('👍👎', 'mdgId123', 'participant1');
+            expect(connectionSpy.calls.argsFor(0).toString()).toBe(
+                '<message to="jid/participant1" type="chat" xmlns="jabber:client">' +
+                '<reactions id="mdgId123" xmlns="urn:xmpp:reactions:0"><reaction>👍</reaction></reactions>' +
+                '<store xmlns="urn:xmpp:hints"/></message>');
+        });
+        it('throws in case of invalid or no emoji', () => {
+            expect(() => room.sendReaction('foo bar baz', 'mdgId123', 'participant1')).toThrowError(/Invalid reaction/);
+        });
+    });
+});

package-lock.json

         "async-es": "3.2.4",
         "base64-js": "1.5.1",
         "current-executing-script": "0.1.3",
+        "emoji-regex": "10.4.0",
         "jquery": "3.6.1",
         "lodash-es": "4.17.21",
         "sdp-transform": "2.3.0",
       "license": "ISC"
     },
     "node_modules/emoji-regex": {
-      "version": "8.0.0",
-      "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz",
-      "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==",
-      "dev": true
+      "version": "10.4.0",
+      "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-10.4.0.tgz",
+      "integrity": "sha512-EC+0oUMY1Rqm4O6LLrgjtYDvcVYTy7chDnM4Q7030tP4Kwj3u/pR6gP9ygnp2CJMK5Gq+9Q2oqmrFJAz01DXjw==",
+      "license": "MIT"
     },
     "node_modules/emojis-list": {
       "version": "3.0.0",
         "node": ">=8"
       }
     },
+    "node_modules/string-width/node_modules/emoji-regex": {
+      "version": "8.0.0",
+      "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz",
+      "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==",
+      "dev": true,
+      "license": "MIT"
+    },
     "node_modules/string.prototype.trim": {
       "version": "1.2.10",
       "resolved": "https://registry.npmjs.org/string.prototype.trim/-/string.prototype.trim-1.2.10.tgz",
       "dev": true
     },
     "emoji-regex": {
-      "version": "8.0.0",
-      "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz",
-      "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==",
-      "dev": true
+      "version": "10.4.0",
+      "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-10.4.0.tgz",
+      "integrity": "sha512-EC+0oUMY1Rqm4O6LLrgjtYDvcVYTy7chDnM4Q7030tP4Kwj3u/pR6gP9ygnp2CJMK5Gq+9Q2oqmrFJAz01DXjw=="
     },
     "emojis-list": {
       "version": "3.0.0",
         "emoji-regex": "^8.0.0",
         "is-fullwidth-code-point": "^3.0.0",
         "strip-ansi": "^6.0.1"
+      },
+      "dependencies": {
+        "emoji-regex": {
+          "version": "8.0.0",
+          "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz",
+          "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==",
+          "dev": true
+        }
       }
     },
     "string.prototype.trim": {

package.json

     "async-es": "3.2.4",
     "base64-js": "1.5.1",
     "current-executing-script": "0.1.3",
+    "emoji-regex": "10.4.0",
     "jquery": "3.6.1",
     "lodash-es": "4.17.21",
     "sdp-transform": "2.3.0",