/**
* HTML Sanitization Utility
*
* Provides safe HTML sanitization using DOMPurify to prevent XSS attacks.
*
* @since 4.7.0
*/
import DOMPurify, { Config } from 'dompurify';
/**
* Sanitize HTML content to prevent XSS attacks.
*
* @param {string} html - The HTML string to sanitize.
* @param {Config} config - Optional DOMPurify configuration.
* @returns {string} Sanitized HTML string safe for use with dangerouslySetInnerHTML.
*/
export function sanitizeHtml(html: string, config?: Config): string {
if (typeof window === 'undefined') {
// Server-side rendering fallback - comprehensive XSS sanitization
let sanitized = html;
// Remove script tags and their content
sanitized = sanitized.replace(/