score:2

you can implement several mechanisms in your front-end, like:

  • "disabling the send button if the length of your message is 0" (from anuj kumar's comment above)
  • display an error message if the length of your message is 0, like a dialog box.

but what is more important is to implement a check in the back-end, because a malicious user could easily bypass your code and directly write to your database, for example by using the firestore rest api.

for that you would use some security rules along the following lines:

// ....
match /messages/{message} {
  allow create: if request.resource.data.text is string
  && request.resource.data.text.size() > 0;
  allow read: if ...;
  allow update: if ...;
  allow delete: if ...;
}

you'll find here in the doc more details on the methods you can apply to a string in security rules.


Related Query

More Query from same tag