Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Custom emoji #14

Open
jwheare opened this issue Apr 9, 2017 · 21 comments
Open

Custom emoji #14

jwheare opened this issue Apr 9, 2017 · 21 comments

Comments

@jwheare
Copy link
Member

jwheare commented Apr 9, 2017

Following on from discussion here: ircv3/ircv3-specifications#289 (comment)

Services like Slack and Twitch have custom emoji that go beyond the unicode standard. It would be good if IRC messages and reactions could support this too.

For reactions we could retain the plain text +react tag to serve as a fallback or tooltip/alt text value, but send a separate URL in a +react-image tag that clients can optionally display if they want to.

@+reply=123;+react=:lol:;+react-image=https://example.com/custom-emoji/lol.png :[email protected] TAGMSG #channel

For custom emoji in messages, we could send text replacement offsets, similar to twitch's custom "emotes" tag (https://dev.twitch.tv/docs/irc/tags/#privmsg-tags)

Using an +emoji client tag with JSON, it might look something like:

@+emoji=[{"url":"https://example.com/custom-emoji/lol.png","idx":[[0,5]]}] :[email protected] PRIVMSG #channel ::lol:

Plain text clients would just show a message :lol:, supporting clients would replace the text starting at index 0 with length 5 with the defined image.


I have working implementations of both of these in an unreleased project (suitably prefixed with draft/. Posting this here as a placeholder and for comments before I write up proper specs.

@SadieCat
Copy link

SadieCat commented Apr 9, 2017

Allowing arbitrary urls seems like a privacy risk to me.

@jwheare
Copy link
Member Author

jwheare commented Apr 9, 2017

This is no more of a risk for clients that already embed arbitrary image URLs.

@SadieCat
Copy link

SadieCat commented Apr 9, 2017

This is no more of a risk for clients that already embed arbitrary image URLs.

If you don't embed image urls you don't miss anything.

@jwheare
Copy link
Member Author

jwheare commented Apr 9, 2017

Thats why there's a text fallback. Clients that don't want to embed could even make the text clickable so users can open the urls if they want.

@jwheare
Copy link
Member Author

jwheare commented Apr 9, 2017

I would probably want to enforce https URLs though.

@lopcode
Copy link

lopcode commented Apr 9, 2017

It would be really nice to have this functionality in an actual spec. 👍

I don't think it's up to the spec to allow and disallow where images are stored, other than setting the expectation of a URL. I can definitely foresee clients allowing disabling / blacklisting / whitelisting though.

Are "non-normative" sections places for recommendations? HTTPS could be a strong recommendation, as well as having something mentioning privacy risks for client implementations.

@lopcode
Copy link

lopcode commented Apr 9, 2017

Another thought: is it up to the spec to recommand image formats? I suspect PNG / webp are the most appropriate, but again that's likely a client decision (whether to support it or not).

@Zarthus
Copy link

Zarthus commented Apr 9, 2017

Twitch sets custom emoji at server-level, it's less of a privacy infringement there because they always come from one source you trust (as it's the network you connect to)

Are plans for a network-supported whitelist of custom emotes part of your plan, or is this just limited to "let anyone specify anything at all, be it ascii goatse or just a regular picture of a cat"?

@jwheare
Copy link
Member Author

jwheare commented Apr 9, 2017

Plan is to support anything, client side only to be as broadly usable as possible. Something like a slack bridge could perform automated conversion of their custom emoji per server, but to the client it would be indistinguishable from a client sent tag.

@lopcode
Copy link

lopcode commented Apr 9, 2017

Moderation is best left to client and server implementations, as long as we're not painting people in to a corner in the spec somehow IMO.

@Zarthus
Copy link

Zarthus commented Apr 9, 2017

Per IRC, I've suggested a sort of Telegram-like Sticker-set where clients can maintain their own sets.

This would allow for:

  • client configurable whitelisting (display all stickers always, click on a sticker you haven't added to display it, display only stickers you have added) (effectively fixing privacy concerns and abuse)
  • caching
  • easily sharable files that can sync across clients, provided this specification defines a minimal normalized format or a future extension does
  • simple right click -> add sticker set to my library possibility

It would also sync nicely with existing implementations of the react specification by allowing for multiple tabs of custom sticker sets, like in this screenshot (Telegram mobile client for Android)

Yes, some of these suggestions are client-side implementation limited, and outside of scope, but I believe the benefits by defining a normalized format would all help create this sort of ecosystem, and it's one that I believe solves a lot of problems I have with the existing base idea.

@DanielOaks
Copy link
Member

DanielOaks commented Apr 10, 2017

I can see this idea being useful. However, allowing any URL and practically forcing automatic download+display of them for graphical clients makes me feel iffy about this from a privacy standpoint.

I'd feel more comfortable with something along the lines of the 'set' idea above, making it easier for clients to whitelist a number of known-good sets/packs for automagic download+display while letting the others be optionally clickable.

The set idea still feels a little clunky but better, and I think we could get to a decent middle-ground on privacy vs usability.

@jwheare
Copy link
Member Author

jwheare commented Apr 12, 2017

I think we need to be clear about our expectations for images. There are multiple features that involve image URLs and it'd be nice if we don't have to rehash this discussion each time.

Some image-oriented features I have in mind so far are: user avatar metadata, custom emoji/reactions/stickers, message attachments, embedded image URLs, channel logo metadata.

Whether or not a client fetches these images automatically or lets you opt in/out, or lets you use an anonymising proxy, or allows you to white/blacklist them by host, etc etc, is really probably always going to be a decision for that particular client to make. No one is being forced to do anything.

If every one of these features has a spec that requires clients to use some sort of verified network of trust system before ever showing an image I don't really see adoption getting off the ground. We should definitely mention the privacy implications and suggest some mitigation considerations, but I'm really opposed to hampering these features with requirements that put up road blocks for users who are aware of the implications, or trust the environment just getting a nice default experience.

Defining a way to share custom emoji sets between clients would be useful, for allowing users to input them, but I don't think it should be required for clients displaying them. A possible client feature could be only displaying explicitly trusted URLs, sure, but not a mandated one.

@dpyro
Copy link

dpyro commented Apr 12, 2017

Why not just allow each channel to include a link to an emoji stickersheet image?

@nomis
Copy link

nomis commented Jan 3, 2019

Custom emoji could be handled by the server having a URL prefix and then a defined lookup URL that returns all the available image names for the network and for each channel.

e.g. Server prefix is https://emoji.example/

The global emoji list would be available at https://emoji.example/index.xml and per-channel lists are available at https://emoji.example/%23channel.xml. Clients should make full use of HTTP caching headers to avoid placing too much demand on the web server providing this data.

It would then be up to IRC networks to define how these images are registered. Client privacy is maintained because each client is already known to the IRC server. This can be made to work for user and channel avatars too.

For inline text replacement I'd suggest using real emoji or the Unicode private use area.

e.g. @+emoji=\uE000=lol,\uE001=cry,👻=spooky PRIVMSG #channel :example text \uE000! \uE001 quite 👻

(The emoji list would specify 👻 as the fallback character. Clients that cannot render images would be able to render the fallback emoji or \uFFFD.)

@jwheare
Copy link
Member Author

jwheare commented Jan 3, 2019

The fallback should always just be text, not invisibles or arbitrary emoji that don't relate to the custom image. So, index positioning is required to avoid replacing the wrong stuff in the wrong place.

@GIJack
Copy link

GIJack commented Oct 26, 2019

Loading arbitrary URLs is just looking to be exploited and abused. Also adding custom images is also looking to be abused as well.

@TingPing
Copy link

TingPing commented Nov 9, 2019

Yes this would be a nightmare, clients would always use them insecurely, web apps only have a chance because they blame somebody when something inevitably gets exploited.

@trobotham
Copy link

Custom emoji could be handled by the server having a URL prefix and then a defined lookup URL that returns all the available image names for the network and for each channel.

e.g. Server prefix is https://emoji.example/

The global emoji list would be available at https://emoji.example/index.xml and per-channel lists are available at https://emoji.example/%23channel.xml. Clients should make full use of HTTP caching headers to avoid placing too much demand on the web server providing this data.

It would then be up to IRC networks to define how these images are registered. Client privacy is maintained because each client is already known to the IRC server. This can be made to work for user and channel avatars too.

For inline text replacement I'd suggest using real emoji or the Unicode private use area.

e.g. @+emoji=\uE000=lol,\uE001=cry,👻=spooky PRIVMSG #channel :example text \uE000! \uE001 quite 👻

(The emoji list would specify 👻 as the fallback character. Clients that cannot render images would be able to render the fallback emoji or \uFFFD.)

I would recommend using .well-known for the metadata

@Summertime
Copy link

Summertime commented Jun 19, 2022

horrible idea, but, if external servers are outright no good, then TAGMSGs to facilitate client-to-client emoji sharing?

upside, no privacy risk, no IP leaks, no e2ee leaks (assuming e2ee is used for the client tags too), no gigantic emoji

downside: no even-sane-sized emoji, would require some state-of-the-art encoder/decoders to get those sizes

extra big downside: a message like <person> Hi! :D could inflate to >4KB/person traffic, but all IRC servers are dwindling so luckily it'll never be a problem ha ha


Alternative, for server-to-client, TAGMSGs would still work, with the same limitations, just with a more centralized repository , emojiserv la same as nickserv or chanserv

@GIJack
Copy link

GIJack commented Jun 19, 2022

Arbitrary images and URLs are a security risk that transmitting UNICODE and letting the clients render images stored on their computers, hopefully done by trusted system packages is not.

IRCv3 should mostly be adding security mechanisms, authorization and authentication. But keep it simple, is what allowed it to scale to sizes not seen in modern systems(100k concurrent users in the same namespace)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests