import DOMPurify from 'isomorphic-dompurify'; /** * Sanitizes HTML content to prevent XSS attacks. * Use this before passing content to dangerouslySetInnerHTML. */ export function sanitizeHTML(html: string): string { return DOMPurify.sanitize(html, { USE_PROFILES: { html: true }, ALLOWED_TAGS: [ 'p', 'br', 'b', 'i', 'em', 'strong', 'a', 'ul', 'ol', 'li', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'blockquote', 'span', 'div', 'img', 'table', 'thead', 'tbody', 'tr', 'th', 'td' ], ALLOWED_ATTR: ['href', 'target', 'rel', 'src', 'alt', 'class', 'style'] }); }