apps/api/src/lib/sanitize.ts
Auto-generated by scripts/generate-file-docs.ts. Do not edit — overwritten on every run.
Purpose
Minimal HTML sanitizer for user-authored rich-text fields. Per api-contracts.md §9: "The body field is sanitized server-side before storage to strip unsafe HTML." This is a conservative implementation — it removes <script> / <style> / <iframe> / <object> / <embed> blocks, drops on*= event handlers, and strips javascript: / data: URLs from href / src. For production a battle-tested library (DOMPurify with jsdom, or sanitize-html) is preferred; this implementation removes the most dangerous vectors and is safe as a stopgap.
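The three passes described above, as an added TypeScript example that is not the project's own sanitizeRichText (every function name here is hypothetical): blocked elements are removed together with their contents, on*= handlers are dropped, href/src values are checked only after stripping the whitespace and control characters a browser ignores before comparing the scheme, and the passes are repeated until nothing changes.

```typescript
// Added example, not the project's sanitizeRichText: regex passes as the page describes.
const BLOCKED_ELEMENTS = ["script", "style", "iframe", "object", "embed"];

// Remove blocked elements with their contents (case-insensitive, attributes and
// whitespace tolerated); a second regex removes stray or unclosed tags of the same names.
function stripBlockedElements(html: string): string {
  let out = html;
  for (const tag of BLOCKED_ELEMENTS) {
    const paired = new RegExp(`<${tag}\\b[^>]*>[\\s\\S]*?<\\/${tag}\\s*>`, "gi");
    const stray = new RegExp(`<\\/?${tag}\\b[^>]*>`, "gi");
    out = out.replace(paired, "").replace(stray, "");
  }
  return out;
}

// Drop on*= event-handler attributes whether the value is double-quoted,
// single-quoted or unquoted.
function stripEventHandlers(html: string): string {
  return html.replace(/\s+on[a-z]+\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]+)/gi, "");
}

// Browsers discard ASCII control characters and whitespace inside a URL before the
// scheme is compared, so "java\tscript:" is still javascript:. Normalise the same way.
function isBlockedUrl(value: string): boolean {
  const normalised = value.replace(/[\u0000-\u0020]/g, "").toLowerCase();
  return normalised.startsWith("javascript:") || normalised.startsWith("data:");
}

// Remove href/src attributes whose value is a blocked URL; keep all others.
function stripUnsafeUrls(html: string): string {
  return html.replace(
    /\s+(href|src)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi,
    (match: string, _attr: string, dq?: string, sq?: string, bare?: string) =>
      isBlockedUrl(dq ?? sq ?? bare ?? "") ? "" : match,
  );
}

// Re-run the passes until the output is stable, so that removing one fragment
// cannot leave behind a tag assembled from the pieces around it.
function sanitizeRichTextExample(html: string): string {
  let previous = "";
  let current = html;
  do {
    previous = current;
    current = stripUnsafeUrls(stripEventHandlers(stripBlockedElements(current)));
  } while (current !== previous);
  return current;
}
```

Deny-list regex filters of this kind stay brittle against malformed markup, which is why the paragraph points to DOMPurify or sanitize-html, which parse the HTML and allowlist elements and attributes instead.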
Exports
export function sanitizeRichText
Imports
(none detected)