Hello World
This is bold text with a link
# HTML Sanitizer The `HtmlSanitizer` class provides a utility for sanitizing HTML content to prevent XSS (Cross-Site Scripting) attacks while maintaining safe HTML elements and attributes. ## Features - HTML content sanitization - Protection against XSS attacks - Configurable allowed tags and attributes - Support for custom styling and classes - Safe image handling with controlled schemes ## Usage ### Basic Usage ```typescript import { HtmlSanitizer } from "n-util"; // Sanitize HTML content const html = `
`; const sanitizedHtml = HtmlSanitizer.sanitize(html); // Result: Sanitized HTML with safe tags and attributes ``` ### Allowed Elements and Attributes The sanitizer allows the following by default: - Common HTML tags (p, div, span, etc.) - Basic text formatting (b, i, strong, em) - Links with href attributes - Images with src, alt attributes - Custom styling and classes - Safe URL schemes (http, https, data) ## API Reference ### HtmlSanitizer Class ```typescript class HtmlSanitizer ``` A utility class for sanitizing HTML content. #### Methods ##### sanitize ```typescript static sanitize(html: string): string ``` Sanitizes the given HTML string, removing potentially dangerous content while preserving safe elements. - Parameters: - `html`: The HTML string to sanitize - Returns: A sanitized HTML string - Throws: Error if html is null, undefined, or not a string ## Best Practices 1. **Input Validation**: - Always validate input before sanitization - Handle null or undefined values - Ensure input is a string 2. **Security Considerations**: - Use for user-generated content - Apply to all HTML content from untrusted sources - Consider additional validation for specific use cases 3. **Performance**: - Sanitize content before storage - Cache sanitized content when possible - Consider content length and complexity ## Examples ### User-Generated Content ```typescript // Example of sanitizing user-generated content class Comment { private _id: string; private _content: string; private _author: string; constructor(id: string, content: string, author: string) { this._id = id; this._content = HtmlSanitizer.sanitize(content); this._author = author; } get id(): string { return this._id; } get content(): string { return this._content; } get author(): string { return this._author; } } // Create a comment with sanitized content const comment = new Comment( "C001", 'This is bold text with
New content with dangerous link
New content with dangerous link
This content has custom styling and classes