Files
srbhr--resume-matcher/apps/frontend/lib/utils/html-sanitizer.ts
T
wehub-resource-sync 5bdf4cc89a
Publish Docker Image / publish (push) Has been cancelled
chore: import upstream snapshot with attribution
2026-07-13 12:39:36 +08:00

28 lines
723 B
TypeScript

import DOMPurify from 'isomorphic-dompurify';
/**
* Whitelist of allowed HTML tags for rich text content
*/
const ALLOWED_TAGS = ['strong', 'em', 'u', 'a'];
/**
* Whitelist of allowed HTML attributes
*/
const ALLOWED_ATTR = ['href', 'target', 'rel'];
/**
* Sanitizes HTML content using DOMPurify with a strict whitelist.
* Only allows bold, italic, underline, and link formatting.
* Uses isomorphic-dompurify which works in both browser and Node.js.
*
* @param dirty - The unsanitized HTML string
* @returns Sanitized HTML string safe for rendering
*/
export function sanitizeHtml(dirty: string): string {
return DOMPurify.sanitize(dirty, {
ALLOWED_TAGS,
ALLOWED_ATTR,
FORCE_BODY: true,
});
}