Disabling external Emojis in the WordPress Admin GUI

In a previous article I mentioned that the “Disable Emojis” plugin removes requests to external servers for downloading Emoji graphics on a WordPress site. This works in the frontend (the part the user/customer visits). In the backend (the part the admin visits), however, there are hardcoded references to external emoji graphics, for example here:

https://github.com/WordPress/WordPress/blob/3d3e104908f875a0df3d5f7692feeb8874780b2a/wp-admin/about.php#L146

There also does not appear to be a suitable administrative filter that could be used to patch the unwanted HTML image references out of the effective HTML sent to the browser:

https://developer.wordpress.org/apis/hooks/filter-reference/#administrative-filters

However, the user's browser suppresses the loading of such external graphics if the Content-Security-Policy (CSP) header sent by the web server includes this statement:

img-src 'self' data:;

Now, user browsers will refuse to load any image unless it comes from the same site or is provided as a “data” attribute (i.e. inline):
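
A simplified model of the decision the browser makes for each image under this policy, as an added example (not code from this article or from WordPress). The admin origin `blog.example`, the emoji host `emoji-cdn.example` and the image paths are constructed placeholders.

```javascript
// Simplified model of how a browser applies CSP to an <img> request.
// Covers 'none', 'self', '*', scheme sources (data:) and host sources;
// ports, paths, redirects and report-only policies are not modelled.
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    // A directive that appears twice is ignored the second time.
    if (name && !policy.has(name.toLowerCase())) policy.set(name.toLowerCase(), sources);
  }
  return policy;
}

function imageAllowed(header, pageUrl, imageUrl) {
  const policy = parseCsp(header);
  // img-src falls back to default-src; with neither, images are unrestricted.
  const sources = policy.get('img-src') ?? policy.get('default-src');
  if (sources === undefined) return true;
  const page = new URL(pageUrl);
  const img = new URL(imageUrl, pageUrl); // resolves relative src attributes
  return sources.some((src) => {
    const s = src.toLowerCase();
    if (s === "'self'") return img.origin === page.origin;
    if (s.startsWith("'")) return false; // 'none' and other keywords allow nothing here
    if (s === '*') return img.protocol === 'http:' || img.protocol === 'https:';
    if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return img.protocol === s; // e.g. data:
    const m = s.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)/);
    if (!m || (m[1] && img.protocol !== m[1] + ':')) return false;
    return m[2].startsWith('*.') ? img.hostname.endsWith(m[2].slice(1)) : img.hostname === m[2];
  });
}

// Constructed sample values: the admin origin and the emoji host are placeholders.
const ADMIN_PAGE = 'https://blog.example/wp-admin/about.php';
const POLICY = "img-src 'self' data:;";
const SAMPLES = [
  'https://emoji-cdn.example/72x72/1f600.png',  // external emoji graphic
  '/wp-admin/images/example.png',               // same-site image
  'data:image/gif;base64,R0lGODlhAQABAAAAACw=', // inline image
];
for (const src of SAMPLES) {
  console.log(imageAllowed(POLICY, ADMIN_PAGE, src) ? 'load ' : 'block', src);
}
```

The same function can be pointed at the header a site actually returns to confirm that an `img-src` or `default-src` directive is present; without either, every image source is allowed.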