Emojis pose a security danger, please remove the emoji support
Given their overcomplicated nature, emojis often end up being a cause of vulnerabilities in numerous software last years.
https://www.vice.com/en/article/wxnj49/this-string-of-emojis-is-actually-malware
Examples of vulnerabilities regarding emojis:
- https://www.cve.org/CVERecord?id=CVE-2023-41989
- https://habr.com/ru/articles/191654/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3438
- https://9to5mac.com/2018/05/09/black-dot-bug-unicode-text-bug-to-crash-iphone-and-ipads/
- https://www.wired.com/story/apple-china-censorship-bug-iphone-crash-emoji/
- https://î.fr/defcon/DEF%20CON%2030%20-%20Hadrien%20Barral%20-%20Emoji%20Shellcoding:%20%F0%9F%9B%A0%EF%B8%8F,%20%F0%9F%A7%8C,%20and%20%F0%9F%A4%AF%20-%20Presentation.pdf
- https://medium.com/@fpatrik/how-i-found-an-xss-vulnerability-via-using-emojis-7ad72de49209
So both displaying emojis and allowing to send them pose a security risk.
Given the rationale behind deprecating XHTML-IM, I assume it makes sense to exclude emoji support from Gajim as well, to provide best experience for its users. This would reduce attack surface for Gajim users and prevent them from accidentally crashing other XMPP software.