1
2
3
4
5
6
7
8
9
10
11
12
13
export function svgEmoji(req: express.Request, res: express.Response) {
const emoji = decodeURIComponent(req.path.replace("/", ""));
// People could (did) inject script tags here. So let's escape & and <
const cleanEmoji = emoji.replace(/&/g, "&").replace(/</g, "<");
res.set("Content-Type", "image/svg+xml");
res.set(
"Cache-Control",
`public, max-age=${60 * 60 * 24}, s-maxage=${60 * 60 * 24}`,
);
return res.send(
`<svg xmlns='http://www.w3.org/2000/svg' width='48' height='48' viewBox='0 0 16 16'><text x='0' y='14'>${cleanEmoji}</text></svg>`,
);
}