Feature request: Prevent manipulation

[DoomDesign]

When using the plugin with a limited emoji set for users to choose from, it can very easily be manipulated:

A user simply has to edit the title-attribute of any of the displayed emojis in the picker to an emoji-shortcode of his choice (doable with the browser developer tools), then click the altered emoji, and without any checks, his custom emoji is inserted as a reaction to the post. This allows manipulation and trolling, and since there are no ways for the staff to edit or remove reactions, the selected emoji should be checked against the list of allowed emojis, before it is added to the post.