@bernierllc/html-sanitizer

XSS Prevention and HTML Sanitization for User-Generated Content

A security-critical package that provides robust HTML sanitization to prevent XSS (Cross-Site Scripting) attacks in user-generated content. Built on battle-tested DOMPurify with configurable security profiles.

Installation

``bash npm install @bernierllc/html-sanitizer`

`Quick Start`

`typescript import { HtmlSanitizer, sanitizeHtml, SanitizationProfile } from '@bernierllc/html-sanitizer';

// Simple sanitization with defaults (MODERATE profile) const clean = sanitizeHtml('

Safe content

');
// Result: 'Safe content
' (script removed)
// Get detailed sanitization report
const sanitizer = new HtmlSanitizer();
const result = sanitizer.sanitize(userHtml);

console.log(result.html); // Clean HTML console.log(result.modified); // true if content was changed console.log(result.removedTags); // ['script', 'object'] console.log(result.xssPatterns); // ['script tag', 'event handler'] console.log(result.warnings); // Security warnings`

`Features`

- XSS Attack Prevention: Removes script tags, event handlers, dangerous protocols - Configurable Profiles: STRICT, MODERATE, RELAXED security levels - Custom Rules: Define your own allowed tags, attributes, and protocols - Security Reporting: Detailed reports of removed content and detected patterns - Performance Optimized: Built on DOMPurify, the industry standard - Zero-Config: Works out of the box with sensible defaults

`Security Profiles`

`$3`

Only basic text formatting - ideal for comments or simple user input:

`typescript import { sanitizeWithProfile, SanitizationProfile } from '@bernierllc/html-sanitizer';

const clean = sanitizeWithProfile(userHtml, SanitizationProfile.STRICT);`

Allowed: - Basic formatting:

,
, , , , , - Lists:

,
,
Blocked: - Links, images, tables, media, everything else $3 Standard blog content formatting - default for most use cases:
`typescript const sanitizer = new HtmlSanitizer(); // Uses MODERATE by default`
Allowed: - All STRICT tags - Headings:
through
- Links:- Images:- Code:, , Protocols: http, https, mailto $3 Rich content for trusted users - includes tables and embedded media: `typescript const clean = sanitizeWithProfile(userHtml, SanitizationProfile.RELAXED); ` Allowed: - All MODERATE tags - Tables: , , , , , - Media: <code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">, </code><video><code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">, </code><audio><code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"></p><p class="my-3"><h2 class="text-xl font-semibold mt-5 mb-3">Custom Configuration</h2></p><p class="my-3">Define your own security rules:</p><p class="my-3"></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">typescript<br />import { HtmlSanitizer } from '@bernierllc/html-sanitizer';</p><p class="my-3">const sanitizer = new HtmlSanitizer({<br /> allowedTags: ['p', 'a', 'strong', 'em'],<br /> allowedAttributes: {<br /> 'a': ['href', 'title']<br /> },<br /> allowedProtocols: ['https'], // Only HTTPS links<br /> allowStyles: false,<br /> allowDataUris: false<br />});</p><p class="my-3">const result = sanitizer.sanitize(userHtml);<br /></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"></p><p class="my-3"><h2 class="text-xl font-semibold mt-5 mb-3">API Reference</h2></p><p class="my-3"><h3 class="text-lg font-medium mt-4 mb-2">$3</h3></p><p class="my-3">Main class for HTML sanitization.</p><p class="my-3">#### Constructor</p><p class="my-3"></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">typescript<br />new HtmlSanitizer(config?: SanitizerConfig)<br /></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"></p><p class="my-3"><strong>Config Options:</strong><br />- </code>allowedTags?: string[]<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"> - Whitelist of allowed HTML tags<br />- </code>allowedAttributes?: Record<string, string[]><code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"> - Allowed attributes per tag<br />- </code>allowedProtocols?: string[]<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"> - Allowed URL protocols<br />- </code>allowStyles?: boolean<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"> - Allow inline styles (default: false)<br />- </code>allowDataUris?: boolean<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"> - Allow data: URIs (default: false)<br />- </code>mode?: 'strict' | 'moderate' | 'relaxed'<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"> - Use predefined profile</p><p class="my-3">#### Methods</p><p class="my-3"><strong></code>sanitize(html: string): SanitizationResult<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"></strong></p><p class="my-3">Sanitize HTML and get detailed report:</p><p class="my-3"></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">typescript<br />const result = sanitizer.sanitize(html);</p><p class="my-3">// SanitizationResult:<br />{<br /> html: string; // Sanitized HTML<br /> modified: boolean; // Whether content was changed<br /> removedTags: string[]; // Tags that were removed<br /> removedAttributes: Array<{ // Attributes that were removed<br /> tag: string;<br /> attribute: string;<br /> }>;<br /> xssPatterns: string[]; // XSS patterns detected<br /> warnings: string[]; // Security warnings<br />}<br /></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"></p><p class="my-3"><strong></code>sanitizeWithProfile(html: string, profile: SanitizationProfile): SanitizationResult<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"></strong></p><p class="my-3">Sanitize using a specific profile:</p><p class="my-3"></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">typescript<br />const result = sanitizer.sanitizeWithProfile(html, SanitizationProfile.STRICT);<br /></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"></p><p class="my-3"><strong></code>validate(html: string): ValidationResult<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"></strong></p><p class="my-3">Check if HTML is safe without modifying:</p><p class="my-3"></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">typescript<br />const result = sanitizer.validate(html);</p><p class="my-3">// ValidationResult:<br />{<br /> safe: boolean; // Whether HTML is safe<br /> issues: string[]; // List of security issues<br />}<br /></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"></p><p class="my-3"><h3 class="text-lg font-medium mt-4 mb-2">$3</h3></p><p class="my-3"><strong></code>sanitizeHtml(html: string, config?: SanitizerConfig): string<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"></strong></p><p class="my-3">Quick sanitization, returns clean HTML string:</p><p class="my-3"></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">typescript<br />import { sanitizeHtml } from '@bernierllc/html-sanitizer';</p><p class="my-3">const clean = sanitizeHtml(userInput);<br /></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"></p><p class="my-3"><strong></code>sanitizeWithProfile(html: string, profile: SanitizationProfile): string<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"></strong></p><p class="my-3">Sanitize with a profile, returns clean HTML string:</p><p class="my-3"></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">typescript<br />import { sanitizeWithProfile, SanitizationProfile } from '@bernierllc/html-sanitizer';</p><p class="my-3">const clean = sanitizeWithProfile(userInput, SanitizationProfile.STRICT);<br /></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"></p><p class="my-3"><strong></code>validateHtml(html: string): { safe: boolean; issues: string[] }<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"></strong></p><p class="my-3">Validate HTML safety:</p><p class="my-3"></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">typescript<br />import { validateHtml } from '@bernierllc/html-sanitizer';</p><p class="my-3">const result = validateHtml(userInput);<br />if (!result.safe) {<br /> console.error('Unsafe HTML:', result.issues);<br />}<br /></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"></p><p class="my-3"><h2 class="text-xl font-semibold mt-5 mb-3">XSS Attack Prevention</h2></p><p class="my-3">This package protects against all common XSS attack vectors:</p><p class="my-3"><h3 class="text-lg font-medium mt-4 mb-2">$3</h3></p><p class="my-3"></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">typescript<br />const html = '<p>Hello</p><script>alert("XSS")</script>';<br />const result = sanitizer.sanitize(html);</p><p class="my-3">// result.html: '<p>Hello</p>'<br />// result.removedTags: ['script']<br />// result.xssPatterns: ['script tag']<br />// result.warnings: ['CRITICAL: Dangerous executable content removed']<br /></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"></p><p class="my-3"><h3 class="text-lg font-medium mt-4 mb-2">$3</h3></p><p class="my-3"></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">typescript<br />const html = '<img src="x" onerror="alert(1)">';<br />const result = sanitizer.sanitize(html);</p><p class="my-3">// onerror attribute removed<br />// result.xssPatterns: ['event handler']<br /></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"></p><p class="my-3"><h3 class="text-lg font-medium mt-4 mb-2">$3</h3></p><p class="my-3"></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">typescript<br />const html = '<a href="javascript:alert(1)">Click</a>';<br />const result = sanitizer.sanitize(html);</p><p class="my-3">// javascript: protocol removed<br />// result.xssPatterns: ['javascript: protocol']<br /></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"></p><p class="my-3"><h3 class="text-lg font-medium mt-4 mb-2">$3</h3></p><p class="my-3"></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">typescript<br />const html = '<img src="data:text/html,<script>alert(1)</script>">';<br />const result = sanitizer.sanitize(html);</p><p class="my-3">// Detected and blocked<br />// result.xssPatterns: ['data: URI']<br /></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"></p><p class="my-3"><h3 class="text-lg font-medium mt-4 mb-2">$3</h3></p><p class="my-3"></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">typescript<br />const html = '<object data="malicious.swf"></object>';<br />const result = sanitizer.sanitize(html);</p><p class="my-3">// <object> and <embed> tags always removed<br />// result.removedTags: ['object']<br /></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"></p><p class="my-3"><h2 class="text-xl font-semibold mt-5 mb-3">Security Best Practices</h2></p><p class="my-3"><h3 class="text-lg font-medium mt-4 mb-2">$3</h3></p><p class="my-3"></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">typescript<br />// ✅ CORRECT<br />app.post('/comment', (req, res) => {<br /> const sanitized = sanitizeHtml(req.body.comment);<br /> await saveComment(sanitized);<br />});</p><p class="my-3">// ❌ WRONG - Never trust user input<br />app.post('/comment', (req, res) => {<br /> await saveComment(req.body.comment); // Dangerous!<br />});<br /></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"></p><p class="my-3"><h3 class="text-lg font-medium mt-4 mb-2">$3</h3></p><p class="my-3"></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">typescript<br />// Comments: Use STRICT<br />const comment = sanitizeWithProfile(userComment, SanitizationProfile.STRICT);</p><p class="my-3">// Blog posts: Use MODERATE (default)<br />const blogPost = sanitizeHtml(userBlogPost);</p><p class="my-3">// Admin content: Use RELAXED (only for trusted users)<br />if (user.isAdmin) {<br /> const adminContent = sanitizeWithProfile(userContent, SanitizationProfile.RELAXED);<br />}<br /></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"></p><p class="my-3"><h3 class="text-lg font-medium mt-4 mb-2">$3</h3></p><p class="my-3"></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">typescript<br />const result = sanitizer.sanitize(userHtml);</p><p class="my-3">if (result.xssPatterns.length > 0) {<br /> // Log security event<br /> logger.warn('XSS attempt detected', {<br /> userId: user.id,<br /> patterns: result.xssPatterns,<br /> removedTags: result.removedTags<br /> });<br />}<br /></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"></p><p class="my-3"><h3 class="text-lg font-medium mt-4 mb-2">$3</h3></p><p class="my-3"></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">typescript<br />const validation = validateHtml(userInput);</p><p class="my-3">if (!validation.safe) {<br /> return res.status(400).json({<br /> error: 'Content contains unsafe HTML',<br /> issues: validation.issues<br /> });<br />}<br /></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"></p><p class="my-3"><h2 class="text-xl font-semibold mt-5 mb-3">Performance</h2></p><p class="my-3">- <strong>Typical blog post (5KB)</strong>: <10ms<br />- <strong>Large content (500KB)</strong>: <100ms<br />- <strong>Memory usage</strong>: <50MB for large content</p><p class="my-3">Built on DOMPurify, which is highly optimized and used by millions of websites.</p><p class="my-3"><h2 class="text-xl font-semibold mt-5 mb-3">Integration Status</h2></p><p class="my-3"><h3 class="text-lg font-medium mt-4 mb-2">$3</h3><br /><strong>Status</strong>: Optional (recommended for security monitoring)</p><p class="my-3"><strong>Justification</strong>: While this package can function without logging, it's highly recommended to integrate </code>@bernierllc/logger<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"> for security event monitoring. The sanitizer can detect and remove XSS patterns, and logging these events helps with security auditing and threat detection. However, the package is designed to work without logging for environments where logging isn't available.</p><p class="my-3"><strong>Pattern</strong>: Optional integration - package works without logger, but logger enhances security monitoring capabilities.</p><p class="my-3"><strong>Example Integration</strong>:<br /></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">typescript<br />import { Logger } from '@bernierllc/logger';<br />import { HtmlSanitizer } from '@bernierllc/html-sanitizer';</p><p class="my-3">const logger = new Logger({ service: 'html-sanitizer' });<br />const sanitizer = new HtmlSanitizer();</p><p class="my-3">const result = sanitizer.sanitize(userHtml);<br />if (result.xssPatterns.length > 0) {<br /> logger.warn('XSS attempt detected', {<br /> patterns: result.xssPatterns,<br /> removedTags: result.removedTags<br /> });<br />}<br /></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"></p><p class="my-3"><h3 class="text-lg font-medium mt-4 mb-2">$3</h3><br /><strong>Status</strong>: Not applicable</p><p class="my-3"><strong>Justification</strong>: This is a core utility package that performs HTML sanitization. It does not participate in service discovery, event publishing, or service mesh operations. While security events could theoretically be published to NeverHub, this package focuses solely on sanitization logic and delegates event handling to calling code.</p><p class="my-3"><strong>Pattern</strong>: Core utility - no service mesh integration needed. Security events should be handled by the application layer that uses this sanitizer.</p><p class="my-3"><h3 class="text-lg font-medium mt-4 mb-2">$3</h3><br /><strong>Status</strong>: Ready</p><p class="my-3"><strong>Format</strong>: TypeDoc-compatible JSDoc comments are included throughout the source code. All public APIs are documented with examples and type information.</p><p class="my-3"><h2 class="text-xl font-semibold mt-5 mb-3">Dependencies</h2></p><p class="my-3">- <strong>dompurify</strong> (^3.1.7) - HTML sanitization engine<br />- <strong>jsdom</strong> (^25.0.1) - DOM implementation for Node.js</p><p class="my-3"><h2 class="text-xl font-semibold mt-5 mb-3">Development</h2></p><p class="my-3"></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">bash<br /><h1 class="text-2xl font-bold mt-6 mb-4">Install dependencies</h1><br />npm install</p><p class="my-3"><h1 class="text-2xl font-bold mt-6 mb-4">Run tests</h1><br />npm test</p><p class="my-3"><h1 class="text-2xl font-bold mt-6 mb-4">Run tests with coverage</h1><br />npm run test:coverage</p><p class="my-3"><h1 class="text-2xl font-bold mt-6 mb-4">Build package</h1><br />npm run build</p><p class="my-3"><h1 class="text-2xl font-bold mt-6 mb-4">Lint code</h1><br />npm run lint<br /></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"></p><p class="my-3"><h2 class="text-xl font-semibold mt-5 mb-3">Testing</h2></p><p class="my-3">This package has comprehensive test coverage (90%+) including:</p><p class="my-3">- XSS attack prevention (script tags, event handlers, protocols)<br />- All security profiles (strict, moderate, relaxed)<br />- Custom configuration options<br />- Edge cases (malformed HTML, Unicode, large input)<br />- Sanitization result metadata</p><p class="my-3"><h2 class="text-xl font-semibold mt-5 mb-3">Related Packages</h2></p><p class="my-3"><h3 class="text-lg font-medium mt-4 mb-2">$3</h3><br />- </code>dompurify<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"> (npm) - HTML sanitization engine<br />- </code>jsdom<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"> (npm) - DOM implementation</p><p class="my-3"><h3 class="text-lg font-medium mt-4 mb-2">$3</h3><br />- </code>@bernierllc/content-transformer<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"> - Content format conversions<br />- </code>@bernierllc/content-editor-service<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"> - Editor backend<br />- </code>@bernierllc/markdown-renderer` - HTML output sanitization</p><p class="my-3"><h3 class="text-lg font-medium mt-4 mb-2">$3</h3><br />- <strong>Content Management Suite</strong> - Blog content and commit message workflows</p><p class="my-3"><h2 class="text-xl font-semibold mt-5 mb-3">License</h2></p><p class="my-3">Copyright (c) 2025 Bernier LLC</p><p class="my-3">This file is licensed to the client under a limited-use license.<br />The client may use and modify this code <em>only within the scope of the project it was delivered for</em>.<br />Redistribution or use in other products or commercial offerings is not permitted without written consent from Bernier LLC.</p><p class="my-3"><h2 class="text-xl font-semibold mt-5 mb-3">Security</h2></p><p class="my-3">For security concerns or to report vulnerabilities, please contact: security@bernierllc.com</p><p class="my-3"><strong>This is a security-critical package. All XSS vulnerabilities are treated as high priority.</strong><br /></p></div><div class="flex justify-center absolute inset-x-0 bottom-0 bg-gradient-to-t from-background via-background to-transparent pb-4 pt-16"><button data-slot="button" class="inline-flex items-center justify-center whitespace-nowrap text-sm font-medium transition-all disabled:pointer-events-none disabled:opacity-50 [&_svg]:pointer-events-none [&_svg:not([class*='size-'])]:size-4 shrink-0 [&_svg]:shrink-0 outline-none focus-visible:border-ring focus-visible:ring-ring/50 focus-visible:ring-[3px] aria-invalid:ring-destructive/20 dark:aria-invalid:ring-destructive/40 aria-invalid:border-destructive border bg-background shadow-xs hover:bg-accent hover:text-accent-foreground dark:bg-input/30 dark:border-input dark:hover:bg-input/50 h-8 rounded-md gap-1.5 px-3 has-[>svg]:px-2.5"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-chevron-down mr-1 h-4 w-4"><path d="m6 9 6 6 6-6"></path></svg>Show more</button></div></div></div><template id="P:3"></template><template id="P:4"></template></div></div><div class="space-y-8"><div class="flex flex-col gap-6 lg:flex-row lg:gap-8"><div class="flex-1 space-y-4"><div data-slot="skeleton" class="bg-accent animate-pulse rounded-md h-10 w-64"></div><div data-slot="skeleton" class="bg-accent animate-pulse rounded-md h-6 w-full max-w-xl"></div><div class="flex gap-2"><div data-slot="skeleton" class="bg-accent animate-pulse rounded-md h-6 w-16"></div><div data-slot="skeleton" class="bg-accent animate-pulse rounded-md h-6 w-20"></div><div data-slot="skeleton" class="bg-accent animate-pulse rounded-md h-6 w-14"></div></div></div><div class="w-full lg:w-80"><div data-slot="skeleton" class="bg-accent animate-pulse rounded-md h-32 w-full"></div></div></div><div class="space-y-4"><div data-slot="skeleton" class="bg-accent animate-pulse rounded-md h-10 w-64"></div><div data-slot="skeleton" class="bg-accent animate-pulse rounded-md h-64 w-full"></div></div></div></main></div><script>requestAnimationFrame(function(){$RT=performance.now()});</script><script src="/_next/static/chunks/9b9784636e791b20.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd" id="_R_" async=""></script><script>(self.__next_f=self.__next_f||[]).push([0])</script><script>self.__next_f.push([1,"1:\"$Sreact.fragment\"\n2:I[39756,[\"/_next/static/chunks/ff1a16fafef87110.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\",\"/_next/static/chunks/d2be314c3ece3fbe.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\"],\"default\"]\n3:I[37457,[\"/_next/static/chunks/ff1a16fafef87110.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\",\"/_next/static/chunks/d2be314c3ece3fbe.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\"],\"default\"]\n4:I[49786,[\"/_next/static/chunks/d25c1c87321c1e5e.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\",\"/_next/static/chunks/d23d08e0b5d1d215.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\",\"/_next/static/chunks/ae55acb14c32e044.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\"],\"Header\"]\n5:I[22016,[\"/_next/static/chunks/d25c1c87321c1e5e.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\",\"/_next/static/chunks/d23d08e0b5d1d215.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\",\"/_next/static/chunks/ae55acb14c32e044.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\"],\"\"]\nc:I[68027,[\"/_next/static/chunks/ff1a16fafef87110.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\",\"/_next/static/chunks/d2be314c3ece3fbe.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\"],\"default\"]\nd:I[2355,[\"/_next/static/chunks/d25c1c87321c1e5e.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\"],\"Analytics\"]\nf:I[97367,[\"/_next/static/chunks/ff1a16fafef87110.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\",\"/_next/static/chunks/d2be314c3ece3fbe.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\"],\"OutletBoundary\"]\n10:\"$Sreact.suspense\"\n12:I[97367,[\"/_next/static/chunks/ff1a16fafef87110.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\",\"/_next/static/chunks/d2be314c3ece3fbe.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\"],\"ViewportBoundary\"]\n14:I[97367,[\"/_next/static/chunks/ff1a16fafef87110.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\",\"/_next/static/chunks/d2be314c3ece3fbe.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\"],\"MetadataBoundary\"]\n:HL[\"/_next/static/chunks/60ba853f5ed1b16b.css?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\",\"style\"]\n:HL[\"/_next/static/chunks/9c76f6dd8b5c38e2.css?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\",\"style\"]\n:HL[\"/_next/static/media/68d403cf9f2c68c5-s.p.f9f15f61.woff2\",\"font\",{\"crossOrigin\":\"\",\"type\":\"font/woff2\"}]\n:HL[\"/_next/static/media/797e433ab948586e-s.p.dbea232f.woff2\",\"font\",{\"crossOrigin\":\"\",\"type\":\"font/woff2\"}]\n:HL[\"/_next/static/media/caa3a2e1cccd8315-s.p.853070df.woff2\",\"font\",{\"crossOrigin\":\"\",\"type\":\"font/woff2\"}]\n"])</script><script>self.__next_f.push([1,"0:{\"P\":null,\"b\":\"x_DymHuNhDTJUp7Mmr_Ru\",\"c\":[\"\",\"package\",\"%40bernierllc%2Fhtml-sanitizer\"],\"q\":\"\",\"i\":false,\"f\":[[[\"\",{\"children\":[\"package\",{\"children\":[[\"name\",\"%40bernierllc/html-sanitizer\",\"c\"],{\"children\":[\"__PAGE__\",{}]}]}]},\"$undefined\",\"$undefined\",true],[[\"$\",\"$1\",\"c\",{\"children\":[[[\"$\",\"link\",\"0\",{\"rel\":\"stylesheet\",\"href\":\"/_next/static/chunks/60ba853f5ed1b16b.css?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\",\"precedence\":\"next\",\"crossOrigin\":\"$undefined\",\"nonce\":\"$undefined\"}],[\"$\",\"link\",\"1\",{\"rel\":\"stylesheet\",\"href\":\"/_next/static/chunks/9c76f6dd8b5c38e2.css?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\",\"precedence\":\"next\",\"crossOrigin\":\"$undefined\",\"nonce\":\"$undefined\"}],[\"$\",\"script\",\"script-0\",{\"src\":\"/_next/static/chunks/d25c1c87321c1e5e.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\",\"async\":true,\"nonce\":\"$undefined\"}]],[\"$\",\"html\",null,{\"lang\":\"en\",\"children\":[\"$\",\"body\",null,{\"className\":\"font-sans antialiased\",\"children\":[[\"$\",\"$L2\",null,{\"parallelRouterKey\":\"children\",\"error\":\"$undefined\",\"errorStyles\":\"$undefined\",\"errorScripts\":\"$undefined\",\"template\":[\"$\",\"$L3\",null,{}],\"templateStyles\":\"$undefined\",\"templateScripts\":\"$undefined\",\"notFound\":[[\"$\",\"div\",null,{\"className\":\"min-h-screen bg-background\",\"children\":[[\"$\",\"$L4\",null,{}],[\"$\",\"main\",null,{\"className\":\"mx-auto flex max-w-md flex-col items-center justify-center px-4 py-24 text-center\",\"children\":[[\"$\",\"svg\",null,{\"ref\":\"$undefined\",\"xmlns\":\"http://www.w3.org/2000/svg\",\"width\":24,\"height\":24,\"viewBox\":\"0 0 24 24\",\"fill\":\"none\",\"stroke\":\"currentColor\",\"strokeWidth\":2,\"strokeLinecap\":\"round\",\"strokeLinejoin\":\"round\",\"className\":\"lucide lucide-package mb-6 h-16 w-16 text-muted-foreground\",\"children\":[[\"$\",\"path\",\"1a0edw\",{\"d\":\"M11 21.73a2 2 0 0 0 2 0l7-4A2 2 0 0 0 21 16V8a2 2 0 0 0-1-1.73l-7-4a2 2 0 0 0-2 0l-7 4A2 2 0 0 0 3 8v8a2 2 0 0 0 1 1.73z\"}],[\"$\",\"path\",\"d0xqtd\",{\"d\":\"M12 22V12\"}],[\"$\",\"path\",\"yx3hmr\",{\"d\":\"m3.3 7 7.703 4.734a2 2 0 0 0 1.994 0L20.7 7\"}],[\"$\",\"path\",\"1c824w\",{\"d\":\"m7.5 4.27 9 5.15\"}],\"$undefined\"]}],[\"$\",\"h1\",null,{\"className\":\"mb-2 text-3xl font-bold\",\"children\":\"404\"}],[\"$\",\"h2\",null,{\"className\":\"mb-4 text-xl text-muted-foreground\",\"children\":\"Page not found\"}],[\"$\",\"p\",null,{\"className\":\"mb-8 text-muted-foreground\",\"children\":\"The page you're looking for doesn't exist or has been moved.\"}],[\"$\",\"div\",null,{\"className\":\"flex gap-3\",\"children\":[[\"$\",\"$L5\",null,{\"href\":\"/\",\"children\":[[\"$\",\"svg\",null,{\"ref\":\"$undefined\",\"xmlns\":\"http://www.w3.org/2000/svg\",\"width\":24,\"height\":24,\"viewBox\":\"0 0 24 24\",\"fill\":\"none\",\"stroke\":\"currentColor\",\"strokeWidth\":2,\"strokeLinecap\":\"round\",\"strokeLinejoin\":\"round\",\"className\":\"lucide lucide-house mr-1.5 h-4 w-4\",\"children\":[[\"$\",\"path\",\"5wwlr5\",{\"d\":\"M15 21v-8a1 1 0 0 0-1-1h-4a1 1 0 0 0-1 1v8\"}],[\"$\",\"path\",\"1d0kgt\",{\"d\":\"M3 10a2 2 0 0 1 .709-1.528l7-5.999a2 2 0 0 1 2.582 0l7 5.999A2 2 0 0 1 21 10v9a2 2 0 0 1-2 2H5a2 2 0 0 1-2-2z\"}],\"$undefined\"]}],\"Go home\"],\"data-slot\":\"button\",\"className\":\"inline-flex items-center justify-center gap-2 whitespace-nowrap rounded-md text-sm font-medium transition-all disabled:pointer-events-none disabled:opacity-50 [\u0026_svg]:pointer-events-none [\u0026_svg:not([class*='size-'])]:size-4 shrink-0 [\u0026_svg]:shrink-0 outline-none focus-visible:border-ring focus-visible:ring-ring/50 focus-visible:ring-[3px] aria-invalid:ring-destructive/20 dark:aria-invalid:ring-destructive/40 aria-invalid:border-destructive bg-primary text-primary-foreground hover:bg-primary/90 h-9 px-4 py-2 has-[\u003esvg]:px-3\",\"ref\":null}],[\"$\",\"$L5\",null,{\"href\":\"/search\",\"children\":[[\"$\",\"svg\",null,{\"ref\":\"$undefined\",\"xmlns\":\"http://www.w3.org/2000/svg\",\"width\":24,\"height\":24,\"viewBox\":\"0 0 24 24\",\"fill\":\"none\",\"stroke\":\"currentColor\",\"strokeWidth\":2,\"strokeLinecap\":\"round\",\"strokeLinejoin\":\"round\",\"className\":\"lucide lucide-search mr-1.5 h-4 w-4\",\"children\":[[\"$\",\"circle\",\"4ej97u\",{\"cx\":\"11\",\"cy\":\"11\",\"r\":\"8\"}],[\"$\",\"path\",\"1qie3q\",{\"d\":\"m21 21-4.3-4.3\"}],\"$undefined\"]}],\"Search packages\"],\"data-slot\":\"button\",\"className\":\"inline-flex items-center justify-center gap-2 whitespace-nowrap rounded-md text-sm font-medium transition-all disabled:pointer-events-none disabled:opacity-50 [\u0026_svg]:pointer-events-none [\u0026_svg:not([class*='size-'])]:size-4 shrink-0 [\u0026_svg]:shrink-0 outline-none focus-visible:border-ring focus-visible:ring-ring/50 focus-visible:ring-[3px] aria-invalid:ring-destructive/20 dark:aria-invalid:ring-destructive/40 aria-invalid:border-destructive border bg-background shadow-xs hover:bg-accent hover:text-accent-foreground dark:bg-input/30 dark:border-input dark:hover:bg-input/50 h-9 px-4 py-2 has-[\u003esvg]:px-3\",\"ref\":null}]]}]]}]]}],[]],\"forbidden\":\"$undefined\",\"unauthorized\":\"$undefined\"}],\"$L6\"]}]}]]}],{\"children\":[\"$L7\",{\"children\":[\"$L8\",{\"children\":[\"$L9\",{},null,false,false]},[\"$La\",[],[]],false,false]},null,false,false]},null,false,false],\"$Lb\",false]],\"m\":\"$undefined\",\"G\":[\"$c\",[]],\"S\":false}\n"])</script><script>self.__next_f.push([1,"6:[\"$\",\"$Ld\",null,{}]\n7:[\"$\",\"$1\",\"c\",{\"children\":[null,[\"$\",\"$L2\",null,{\"parallelRouterKey\":\"children\",\"error\":\"$undefined\",\"errorStyles\":\"$undefined\",\"errorScripts\":\"$undefined\",\"template\":[\"$\",\"$L3\",null,{}],\"templateStyles\":\"$undefined\",\"templateScripts\":\"$undefined\",\"notFound\":\"$undefined\",\"forbidden\":\"$undefined\",\"unauthorized\":\"$undefined\"}]]}]\n8:[\"$\",\"$1\",\"c\",{\"children\":[null,[\"$\",\"$L2\",null,{\"parallelRouterKey\":\"children\",\"error\":\"$undefined\",\"errorStyles\":\"$undefined\",\"errorScripts\":\"$undefined\",\"template\":[\"$\",\"$L3\",null,{}],\"templateStyles\":\"$undefined\",\"templateScripts\":\"$undefined\",\"notFound\":\"$undefined\",\"forbidden\":\"$undefined\",\"unauthorized\":\"$undefined\"}]]}]\n9:[\"$\",\"$1\",\"c\",{\"children\":[\"$Le\",[[\"$\",\"script\",\"script-0\",{\"src\":\"/_next/static/chunks/d23d08e0b5d1d215.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\",\"async\":true,\"nonce\":\"$undefined\"}],[\"$\",\"script\",\"script-1\",{\"src\":\"/_next/static/chunks/ae55acb14c32e044.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\",\"async\":true,\"nonce\":\"$undefined\"}]],[\"$\",\"$Lf\",null,{\"children\":[\"$\",\"$10\",null,{\"name\":\"Next.MetadataOutlet\",\"children\":\"$@11\"}]}]]}]\na:null\nb:[\"$\",\"$1\",\"h\",{\"children\":[null,[\"$\",\"$L12\",null,{\"children\":\"$L13\"}],[\"$\",\"div\",null,{\"hidden\":true,\"children\":[\"$\",\"$L14\",null,{\"children\":[\"$\",\"$10\",null,{\"name\":\"Next.Metadata\",\"children\":\"$L15\"}]}]}],[\"$\",\"meta\",null,{\"name\":\"next-size-adjust\",\"content\":\"\"}]]}]\n"])</script><script>self.__next_f.push([1,"e:[\"$\",\"div\",null,{\"className\":\"min-h-screen bg-background\",\"children\":[[\"$\",\"$L4\",null,{}],[\"$\",\"main\",null,{\"className\":\"mx-auto max-w-6xl px-4 py-8\",\"children\":[\"$\",\"$10\",null,{\"fallback\":[\"$\",\"div\",null,{\"className\":\"space-y-8\",\"children\":[[\"$\",\"div\",null,{\"className\":\"flex flex-col gap-6 lg:flex-row lg:gap-8\",\"children\":[[\"$\",\"div\",null,{\"className\":\"flex-1 space-y-4\",\"children\":[[\"$\",\"div\",null,{\"data-slot\":\"skeleton\",\"className\":\"bg-accent animate-pulse rounded-md h-10 w-64\"}],[\"$\",\"div\",null,{\"data-slot\":\"skeleton\",\"className\":\"bg-accent animate-pulse rounded-md h-6 w-full max-w-xl\"}],[\"$\",\"div\",null,{\"className\":\"flex gap-2\",\"children\":[[\"$\",\"div\",null,{\"data-slot\":\"skeleton\",\"className\":\"bg-accent animate-pulse rounded-md h-6 w-16\"}],[\"$\",\"div\",null,{\"data-slot\":\"skeleton\",\"className\":\"bg-accent animate-pulse rounded-md h-6 w-20\"}],[\"$\",\"div\",null,{\"data-slot\":\"skeleton\",\"className\":\"bg-accent animate-pulse rounded-md h-6 w-14\"}]]}]]}],[\"$\",\"div\",null,{\"className\":\"w-full lg:w-80\",\"children\":[\"$\",\"div\",null,{\"data-slot\":\"skeleton\",\"className\":\"bg-accent animate-pulse rounded-md h-32 w-full\"}]}]]}],[\"$\",\"div\",null,{\"className\":\"space-y-4\",\"children\":[[\"$\",\"div\",null,{\"data-slot\":\"skeleton\",\"className\":\"bg-accent animate-pulse rounded-md h-10 w-64\"}],[\"$\",\"div\",null,{\"data-slot\":\"skeleton\",\"className\":\"bg-accent animate-pulse rounded-md h-64 w-full\"}]]}]]}],\"children\":\"$L16\"}]}]]}]\n"])</script><script>self.__next_f.push([1,"13:[[\"$\",\"meta\",\"0\",{\"charSet\":\"utf-8\"}],[\"$\",\"meta\",\"1\",{\"name\":\"viewport\",\"content\":\"width=device-width, initial-scale=1\"}]]\n"])</script><script>self.__next_f.push([1,"17:I[27201,[\"/_next/static/chunks/ff1a16fafef87110.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\",\"/_next/static/chunks/d2be314c3ece3fbe.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\"],\"IconMark\"]\n11:null\n15:[[\"$\",\"title\",\"0\",{\"children\":\"@bernierllc/html-sanitizer - npm explorer\"}],[\"$\",\"meta\",\"1\",{\"name\":\"description\",\"content\":\"XSS prevention and HTML sanitization for user-generated content\"}],[\"$\",\"link\",\"2\",{\"rel\":\"icon\",\"href\":\"/icon-light-32x32.png\",\"media\":\"(prefers-color-scheme: light)\"}],[\"$\",\"link\",\"3\",{\"rel\":\"icon\",\"href\":\"/icon-dark-32x32.png\",\"media\":\"(prefers-color-scheme: dark)\"}],[\"$\",\"link\",\"4\",{\"rel\":\"icon\",\"href\":\"/icon.svg\",\"type\":\"image/svg+xml\"}],[\"$\",\"link\",\"5\",{\"rel\":\"apple-touch-icon\",\"href\":\"/apple-icon.png\"}],[\"$\",\"$L17\",\"6\",{}]]\n"])</script><title>@bernierllc/html-sanitizer - npm explorer</title><meta name="description" content="XSS prevention and HTML sanitization for user-generated content"/><link rel="icon" href="/icon-light-32x32.png" media="(prefers-color-scheme: light)"/><link rel="icon" href="/icon-dark-32x32.png" media="(prefers-color-scheme: dark)"/><link rel="icon" href="/icon.svg" type="image/svg+xml"/><link rel="apple-touch-icon" href="/apple-icon.png"/><script >document.querySelectorAll('body link[rel="icon"], body link[rel="apple-touch-icon"]').forEach(el => document.head.appendChild(el))</script><div style="display:none" id="S:2"></div><script>$RB=[];$RV=function(a){$RT=performance.now();for(var b=0;b<a.length;b+=2){var c=a[b],e=a[b+1];null!==e.parentNode&&e.parentNode.removeChild(e);var f=c.parentNode;if(f){var g=c.previousSibling,h=0;do{if(c&&8===c.nodeType){var d=c.data;if("/$"===d||"/&"===d)if(0===h)break;else h--;else"$"!==d&&"$?"!==d&&"$~"!==d&&"$!"!==d&&"&"!==d||h++}d=c.nextSibling;f.removeChild(c);c=d}while(c);for(;e.firstChild;)f.insertBefore(e.firstChild,c);g.data="$";g._reactRetry&&requestAnimationFrame(g._reactRetry)}}a.length=0}; $RC=function(a,b){if(b=document.getElementById(b))(a=document.getElementById(a))?(a.previousSibling.data="$~",$RB.push(a,b),2===$RB.length&&("number"!==typeof $RT?requestAnimationFrame($RV.bind(null,$RB)):(a=performance.now(),setTimeout($RV.bind(null,$RB),2300>a&&2E3<a?2300-a:$RT+300-a)))):b.parentNode.removeChild(b)};$RC("B:2","S:2")</script><div style="display:none" id="S:0"></div><script>$RC("B:0","S:0")</script><script>self.__next_f.push([1,"16:[\"$\",\"div\",null,{\"className\":\"space-y-8\",\"children\":[[\"$\",\"div\",null,{\"className\":\"flex flex-col gap-6 lg:flex-row lg:gap-8\",\"children\":[[\"$\",\"div\",null,{\"className\":\"flex-1 space-y-4\",\"children\":[[\"$\",\"div\",null,{\"className\":\"flex flex-wrap items-start gap-3\",\"children\":[[\"$\",\"h1\",null,{\"className\":\"font-mono text-2xl font-bold sm:text-3xl\",\"children\":\"@bernierllc/html-sanitizer\"}],[\"$\",\"div\",null,{\"className\":\"flex flex-wrap items-center gap-2\",\"children\":[[\"$\",\"span\",null,{\"data-slot\":\"badge\",\"className\":\"inline-flex items-center justify-center rounded-md border px-2 py-0.5 text-xs font-medium w-fit whitespace-nowrap shrink-0 [\u0026\u003esvg]:size-3 gap-1 [\u0026\u003esvg]:pointer-events-none focus-visible:border-ring focus-visible:ring-ring/50 focus-visible:ring-[3px] aria-invalid:ring-destructive/20 dark:aria-invalid:ring-destructive/40 aria-invalid:border-destructive transition-[color,box-shadow] overflow-hidden border-transparent bg-secondary text-secondary-foreground [a\u0026]:hover:bg-secondary/90 font-mono\",\"children\":[\"v\",\"1.2.0\"]}],[\"$\",\"span\",null,{\"data-slot\":\"badge\",\"className\":\"inline-flex items-center justify-center rounded-md border px-2 py-0.5 text-xs font-medium w-fit whitespace-nowrap shrink-0 [\u0026\u003esvg]:size-3 gap-1 [\u0026\u003esvg]:pointer-events-none focus-visible:border-ring focus-visible:ring-ring/50 focus-visible:ring-[3px] aria-invalid:ring-destructive/20 dark:aria-invalid:ring-destructive/40 aria-invalid:border-destructive transition-[color,box-shadow] overflow-hidden [a\u0026]:hover:bg-accent [a\u0026]:hover:text-accent-foreground text-blue-600 border-blue-200\",\"children\":[[\"$\",\"svg\",null,{\"ref\":\"$undefined\",\"xmlns\":\"http://www.w3.org/2000/svg\",\"width\":24,\"height\":24,\"viewBox\":\"0 0 24 24\",\"fill\":\"none\",\"stroke\":\"currentColor\",\"strokeWidth\":2,\"strokeLinecap\":\"round\",\"strokeLinejoin\":\"round\",\"className\":\"lucide lucide-file-code mr-1 h-3 w-3\",\"children\":[[\"$\",\"path\",\"1tg20x\",{\"d\":\"M10 12.5 8 15l2 2.5\"}],[\"$\",\"path\",\"yinavb\",{\"d\":\"m14 12.5 2 2.5-2 2.5\"}],[\"$\",\"path\",\"tnqrlb\",{\"d\":\"M14 2v4a2 2 0 0 0 2 2h4\"}],[\"$\",\"path\",\"1mlx9k\",{\"d\":\"M15 2H6a2 2 0 0 0-2 2v16a2 2 0 0 0 2 2h12a2 2 0 0 0 2-2V7z\"}],\"$undefined\"]}],\"TypeScript\"]}],\"$undefined\"]}]]}],\"$undefined\",[\"$\",\"p\",null,{\"className\":\"text-lg text-muted-foreground\",\"children\":\"XSS prevention and HTML sanitization for user-generated content\"}],[\"$\",\"div\",null,{\"className\":\"flex flex-wrap gap-1.5\",\"children\":[[\"$\",\"$L5\",\"html\",{\"href\":\"/search?q=html\",\"children\":[\"$\",\"span\",null,{\"data-slot\":\"badge\",\"className\":\"inline-flex items-center justify-center rounded-md border px-2 py-0.5 w-fit whitespace-nowrap shrink-0 [\u0026\u003esvg]:size-3 gap-1 [\u0026\u003esvg]:pointer-events-none focus-visible:border-ring focus-visible:ring-ring/50 focus-visible:ring-[3px] aria-invalid:ring-destructive/20 dark:aria-invalid:ring-destructive/40 aria-invalid:border-destructive transition-[color,box-shadow] overflow-hidden text-foreground [a\u0026]:hover:bg-accent [a\u0026]:hover:text-accent-foreground text-xs font-normal hover:bg-accent\",\"children\":\"html\"}]}],[\"$\",\"$L5\",\"sanitizer\",{\"href\":\"/search?q=sanitizer\",\"children\":[\"$\",\"span\",null,{\"data-slot\":\"badge\",\"className\":\"inline-flex items-center justify-center rounded-md border px-2 py-0.5 w-fit whitespace-nowrap shrink-0 [\u0026\u003esvg]:size-3 gap-1 [\u0026\u003esvg]:pointer-events-none focus-visible:border-ring focus-visible:ring-ring/50 focus-visible:ring-[3px] aria-invalid:ring-destructive/20 dark:aria-invalid:ring-destructive/40 aria-invalid:border-destructive transition-[color,box-shadow] overflow-hidden text-foreground [a\u0026]:hover:bg-accent [a\u0026]:hover:text-accent-foreground text-xs font-normal hover:bg-accent\",\"children\":\"sanitizer\"}]}],[\"$\",\"$L5\",\"xss\",{\"href\":\"/search?q=xss\",\"children\":[\"$\",\"span\",null,{\"data-slot\":\"badge\",\"className\":\"inline-flex items-center justify-center rounded-md border px-2 py-0.5 w-fit whitespace-nowrap shrink-0 [\u0026\u003esvg]:size-3 gap-1 [\u0026\u003esvg]:pointer-events-none focus-visible:border-ring focus-visible:ring-ring/50 focus-visible:ring-[3px] aria-invalid:ring-destructive/20 dark:aria-invalid:ring-destructive/40 aria-invalid:border-destructive transition-[color,box-shadow] overflow-hidden text-foreground [a\u0026]:hover:bg-accent [a\u0026]:hover:text-accent-foreground text-xs font-normal hover:bg-accent\",\"children\":\"xss\"}]}],\"$L18\",\"$L19\"]}],\"$L1a\",\"$L1b\"]}],\"$L1c\"]}],\"$L1d\"]}]\n"])</script><script>self.__next_f.push([1,"1e:I[33485,[\"/_next/static/chunks/d25c1c87321c1e5e.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\",\"/_next/static/chunks/d23d08e0b5d1d215.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\",\"/_next/static/chunks/ae55acb14c32e044.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\"],\"InstallCommands\"]\n1f:I[27341,[\"/_next/static/chunks/d25c1c87321c1e5e.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\",\"/_next/static/chunks/d23d08e0b5d1d215.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\",\"/_next/static/chunks/ae55acb14c32e044.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\"],\"Tabs\"]\n20:I[27341,[\"/_next/static/chunks/d25c1c87321c1e5e.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\",\"/_next/static/chunks/d23d08e0b5d1d215.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\",\"/_next/static/chunks/ae55acb14c32e044.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\"],\"TabsList\"]\n21:I[27341,[\"/_next/static/chunks/d25c1c87321c1e5e.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\",\"/_next/static/chunks/d23d08e0b5d1d215.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\",\"/_next/static/chunks/ae55acb14c32e044.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\"],\"TabsTrigger\"]\n22:I[27341,[\"/_next/static/chunks/d25c1c87321c1e5e.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\",\"/_next/static/chunks/d23d08e0b5d1d215.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\",\"/_next/static/chunks/ae55acb14c32e044.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\"],\"TabsContent\"]\n23:I[77801,[\"/_next/static/chunks/d25c1c87321c1e5e.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\",\"/_next/static/chunks/d23d08e0b5d1d215.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\",\"/_next/static/chunks/ae55acb14c32e044.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\"],\"ReadmeViewer\"]\n18:[\"$\",\"$L5\",\"security\",{\"href\":\"/search?q=security\",\"children\":[\"$\",\"span\",null,{\"data-slot\":\"badge\",\"className\":\"inline-flex items-center justify-center rounded-md border px-2 py-0.5 w-fit whitespace-nowrap shrink-0 [\u0026\u003esvg]:size-3 gap-1 [\u0026\u003esvg]:pointer-events-none focus-visible:border-ring focus-visible:ring-ring/50 focus-visible:ring-[3px] aria-invalid:ring-destructive/20 dark:aria-invalid:ring-destructive/40 aria-invalid:border-destructive transition-[color,box-shadow] overflow-hidden text-foreground [a\u0026]:hover:bg-accent [a\u0026]:hover:text-accent-foreground text-xs font-normal hover:bg-accent\",\"children\":\"security\"}]}]\n19:[\"$\",\"$L5\",\"content\",{\"href\":\"/search?q=content\",\"children\":[\"$\",\"span\",null,{\"data-slot\":\"badge\",\"className\":\"inline-flex items-center justify-center rounded-md border px-2 py-0.5 w-fit whitespace-nowrap shrink-0 [\u0026\u003esvg]:size-3 gap-1 [\u0026\u003esvg]:pointer-events-none focus-visible:border-ring focus-visible:ring-ring/50 focus-visible:ring-[3px] aria-invalid:ring-destructive/20 dark:aria-invalid:ring-destructive/40 aria-invalid:border-destructive transition-[color,box-shadow] overflow-hidden text-foreground [a\u0026]:hover:bg-accent [a\u0026]:hover:text-accent-foreground text-xs font-normal hover:bg-accent\",\"children\":\"content\"}]}]\n"])</script><script>self.__next_f.push([1,"1a:[\"$\",\"div\",null,{\"className\":\"flex flex-wrap gap-4 text-sm text-muted-foreground\",\"children\":[[\"$\",\"span\",null,{\"className\":\"flex items-center gap-1.5\",\"children\":[[\"$\",\"svg\",null,{\"ref\":\"$undefined\",\"xmlns\":\"http://www.w3.org/2000/svg\",\"width\":24,\"height\":24,\"viewBox\":\"0 0 24 24\",\"fill\":\"none\",\"stroke\":\"currentColor\",\"strokeWidth\":2,\"strokeLinecap\":\"round\",\"strokeLinejoin\":\"round\",\"className\":\"lucide lucide-download h-4 w-4\",\"children\":[[\"$\",\"path\",\"ih7n3h\",{\"d\":\"M21 15v4a2 2 0 0 1-2 2H5a2 2 0 0 1-2-2v-4\"}],[\"$\",\"polyline\",\"2ggqvy\",{\"points\":\"7 10 12 15 17 10\"}],[\"$\",\"line\",\"1vk2je\",{\"x1\":\"12\",\"x2\":\"12\",\"y1\":\"15\",\"y2\":\"3\"}],\"$undefined\"]}],[\"$\",\"span\",null,{\"className\":\"font-medium text-foreground\",\"children\":\"2\"}],\"/week\"]}],[\"$\",\"span\",null,{\"className\":\"flex items-center gap-1.5\",\"children\":[[\"$\",\"svg\",null,{\"ref\":\"$undefined\",\"xmlns\":\"http://www.w3.org/2000/svg\",\"width\":24,\"height\":24,\"viewBox\":\"0 0 24 24\",\"fill\":\"none\",\"stroke\":\"currentColor\",\"strokeWidth\":2,\"strokeLinecap\":\"round\",\"strokeLinejoin\":\"round\",\"className\":\"lucide lucide-calendar h-4 w-4\",\"children\":[[\"$\",\"path\",\"1cmpym\",{\"d\":\"M8 2v4\"}],[\"$\",\"path\",\"4m81vk\",{\"d\":\"M16 2v4\"}],[\"$\",\"rect\",\"1hopcy\",{\"width\":\"18\",\"height\":\"18\",\"x\":\"3\",\"y\":\"4\",\"rx\":\"2\"}],[\"$\",\"path\",\"8toen8\",{\"d\":\"M3 10h18\"}],\"$undefined\"]}],\"Updated \",\"1 months ago\"]}],[\"$\",\"span\",null,{\"className\":\"flex items-center gap-1.5\",\"children\":[[\"$\",\"svg\",null,{\"ref\":\"$undefined\",\"xmlns\":\"http://www.w3.org/2000/svg\",\"width\":24,\"height\":24,\"viewBox\":\"0 0 24 24\",\"fill\":\"none\",\"stroke\":\"currentColor\",\"strokeWidth\":2,\"strokeLinecap\":\"round\",\"strokeLinejoin\":\"round\",\"className\":\"lucide lucide-scale h-4 w-4\",\"children\":[[\"$\",\"path\",\"7g6ntu\",{\"d\":\"m16 16 3-8 3 8c-.87.65-1.92 1-3 1s-2.13-.35-3-1Z\"}],[\"$\",\"path\",\"ijws7r\",{\"d\":\"m2 16 3-8 3 8c-.87.65-1.92 1-3 1s-2.13-.35-3-1Z\"}],[\"$\",\"path\",\"1b0cd5\",{\"d\":\"M7 21h10\"}],[\"$\",\"path\",\"108xh3\",{\"d\":\"M12 3v18\"}],[\"$\",\"path\",\"3gwbw2\",{\"d\":\"M3 7h2c2 0 5-1 7-2 2 1 5 2 7 2h2\"}],\"$undefined\"]}],\"SEE LICENSE IN LICENSE.txt\"]}],[\"$\",\"span\",null,{\"className\":\"flex items-center gap-1.5\",\"children\":[\"Unpacked: \",\"79.9 KB\"]}]]}]\n"])</script><script>self.__next_f.push([1,"1b:[\"$\",\"div\",null,{\"className\":\"text-sm\",\"children\":[[\"$\",\"span\",null,{\"className\":\"text-muted-foreground\",\"children\":\"Published by \"}],[\"$\",\"$L5\",null,{\"href\":\"/~Bernier%20LLC\",\"className\":\"font-medium hover:underline\",\"children\":\"Bernier LLC\"}]]}]\n"])</script><script>self.__next_f.push([1,"1c:[\"$\",\"div\",null,{\"className\":\"w-full space-y-4 lg:w-80\",\"children\":[[\"$\",\"$L1e\",null,{\"packageName\":\"@bernierllc/html-sanitizer\"}],[\"$\",\"div\",null,{\"className\":\"flex flex-wrap gap-2\",\"children\":[null,\"$undefined\",\"$undefined\",[\"$\",\"a\",null,{\"href\":\"https://npmjs.com/package/@bernierllc/html-sanitizer\",\"target\":\"_blank\",\"rel\":\"noopener noreferrer\",\"children\":[[\"$\",\"svg\",null,{\"ref\":\"$undefined\",\"xmlns\":\"http://www.w3.org/2000/svg\",\"width\":24,\"height\":24,\"viewBox\":\"0 0 24 24\",\"fill\":\"none\",\"stroke\":\"currentColor\",\"strokeWidth\":2,\"strokeLinecap\":\"round\",\"strokeLinejoin\":\"round\",\"className\":\"lucide lucide-external-link mr-1.5 h-4 w-4\",\"children\":[[\"$\",\"path\",\"1q9fwt\",{\"d\":\"M15 3h6v6\"}],[\"$\",\"path\",\"gplh6r\",{\"d\":\"M10 14 21 3\"}],[\"$\",\"path\",\"a6xqqp\",{\"d\":\"M18 13v6a2 2 0 0 1-2 2H5a2 2 0 0 1-2-2V8a2 2 0 0 1 2-2h6\"}],\"$undefined\"]}],\"npm\"],\"data-slot\":\"button\",\"className\":\"inline-flex items-center justify-center whitespace-nowrap text-sm font-medium transition-all disabled:pointer-events-none disabled:opacity-50 [\u0026_svg]:pointer-events-none [\u0026_svg:not([class*='size-'])]:size-4 shrink-0 [\u0026_svg]:shrink-0 outline-none focus-visible:border-ring focus-visible:ring-ring/50 focus-visible:ring-[3px] aria-invalid:ring-destructive/20 dark:aria-invalid:ring-destructive/40 aria-invalid:border-destructive border bg-background shadow-xs hover:bg-accent hover:text-accent-foreground dark:bg-input/30 dark:border-input dark:hover:bg-input/50 h-8 rounded-md gap-1.5 px-3 has-[\u003esvg]:px-2.5\",\"ref\":null}]]}],false]}]\n"])</script><script>self.__next_f.push([1,"24:T2e89,"])</script><script>self.__next_f.push([1,"# @bernierllc/html-sanitizer\n\n**XSS Prevention and HTML Sanitization for User-Generated Content**\n\nA security-critical package that provides robust HTML sanitization to prevent XSS (Cross-Site Scripting) attacks in user-generated content. Built on battle-tested DOMPurify with configurable security profiles.\n\n## Installation\n\n```bash\nnpm install @bernierllc/html-sanitizer\n```\n\n## Quick Start\n\n```typescript\nimport { HtmlSanitizer, sanitizeHtml, SanitizationProfile } from '@bernierllc/html-sanitizer';\n\n// Simple sanitization with defaults (MODERATE profile)\nconst clean = sanitizeHtml('\u003cp\u003eSafe content\u003c/p\u003e\u003cscript\u003ealert(\"XSS\")\u003c/script\u003e');\n// Result: '\u003cp\u003eSafe content\u003c/p\u003e' (script removed)\n\n// Get detailed sanitization report\nconst sanitizer = new HtmlSanitizer();\nconst result = sanitizer.sanitize(userHtml);\n\nconsole.log(result.html); // Clean HTML\nconsole.log(result.modified); // true if content was changed\nconsole.log(result.removedTags); // ['script', 'object']\nconsole.log(result.xssPatterns); // ['script tag', 'event handler']\nconsole.log(result.warnings); // Security warnings\n```\n\n## Features\n\n- **XSS Attack Prevention**: Removes script tags, event handlers, dangerous protocols\n- **Configurable Profiles**: STRICT, MODERATE, RELAXED security levels\n- **Custom Rules**: Define your own allowed tags, attributes, and protocols\n- **Security Reporting**: Detailed reports of removed content and detected patterns\n- **Performance Optimized**: Built on DOMPurify, the industry standard\n- **Zero-Config**: Works out of the box with sensible defaults\n\n## Security Profiles\n\n### STRICT Profile\n\nOnly basic text formatting - ideal for comments or simple user input:\n\n```typescript\nimport { sanitizeWithProfile, SanitizationProfile } from '@bernierllc/html-sanitizer';\n\nconst clean = sanitizeWithProfile(userHtml, SanitizationProfile.STRICT);\n```\n\n**Allowed:**\n- Basic formatting: `\u003cp\u003e`, `\u003cbr\u003e`, `\u003cstrong\u003e`, `\u003cem\u003e`, `\u003cb\u003e`, `\u003ci\u003e`, `\u003cu\u003e`\n- Lists: `\u003cul\u003e`, `\u003col\u003e`, `\u003cli\u003e`\n\n**Blocked:**\n- Links, images, tables, media, everything else\n\n### MODERATE Profile (Default)\n\nStandard blog content formatting - default for most use cases:\n\n```typescript\nconst sanitizer = new HtmlSanitizer(); // Uses MODERATE by default\n```\n\n**Allowed:**\n- All STRICT tags\n- Headings: `\u003ch1\u003e` through `\u003ch6\u003e`\n- Links: `\u003ca href=\"...\" title=\"...\"\u003e`\n- Images: `\u003cimg src=\"...\" alt=\"...\"\u003e`\n- Code: `\u003ccode\u003e`, `\u003cpre\u003e`, `\u003cblockquote\u003e`\n\n**Protocols:** `http`, `https`, `mailto`\n\n### RELAXED Profile\n\nRich content for trusted users - includes tables and embedded media:\n\n```typescript\nconst clean = sanitizeWithProfile(userHtml, SanitizationProfile.RELAXED);\n```\n\n**Allowed:**\n- All MODERATE tags\n- Tables: `\u003ctable\u003e`, `\u003cthead\u003e`, `\u003ctbody\u003e`, `\u003ctr\u003e`, `\u003cth\u003e`, `\u003ctd\u003e`\n- Media: `\u003ciframe\u003e`, `\u003cvideo\u003e`, `\u003caudio\u003e`\n\n## Custom Configuration\n\nDefine your own security rules:\n\n```typescript\nimport { HtmlSanitizer } from '@bernierllc/html-sanitizer';\n\nconst sanitizer = new HtmlSanitizer({\n allowedTags: ['p', 'a', 'strong', 'em'],\n allowedAttributes: {\n 'a': ['href', 'title']\n },\n allowedProtocols: ['https'], // Only HTTPS links\n allowStyles: false,\n allowDataUris: false\n});\n\nconst result = sanitizer.sanitize(userHtml);\n```\n\n## API Reference\n\n### `HtmlSanitizer`\n\nMain class for HTML sanitization.\n\n#### Constructor\n\n```typescript\nnew HtmlSanitizer(config?: SanitizerConfig)\n```\n\n**Config Options:**\n- `allowedTags?: string[]` - Whitelist of allowed HTML tags\n- `allowedAttributes?: Record\u003cstring, string[]\u003e` - Allowed attributes per tag\n- `allowedProtocols?: string[]` - Allowed URL protocols\n- `allowStyles?: boolean` - Allow inline styles (default: false)\n- `allowDataUris?: boolean` - Allow data: URIs (default: false)\n- `mode?: 'strict' | 'moderate' | 'relaxed'` - Use predefined profile\n\n#### Methods\n\n**`sanitize(html: string): SanitizationResult`**\n\nSanitize HTML and get detailed report:\n\n```typescript\nconst result = sanitizer.sanitize(html);\n\n// SanitizationResult:\n{\n html: string; // Sanitized HTML\n modified: boolean; // Whether content was changed\n removedTags: string[]; // Tags that were removed\n removedAttributes: Array\u003c{ // Attributes that were removed\n tag: string;\n attribute: string;\n }\u003e;\n xssPatterns: string[]; // XSS patterns detected\n warnings: string[]; // Security warnings\n}\n```\n\n**`sanitizeWithProfile(html: string, profile: SanitizationProfile): SanitizationResult`**\n\nSanitize using a specific profile:\n\n```typescript\nconst result = sanitizer.sanitizeWithProfile(html, SanitizationProfile.STRICT);\n```\n\n**`validate(html: string): ValidationResult`**\n\nCheck if HTML is safe without modifying:\n\n```typescript\nconst result = sanitizer.validate(html);\n\n// ValidationResult:\n{\n safe: boolean; // Whether HTML is safe\n issues: string[]; // List of security issues\n}\n```\n\n### Convenience Functions\n\n**`sanitizeHtml(html: string, config?: SanitizerConfig): string`**\n\nQuick sanitization, returns clean HTML string:\n\n```typescript\nimport { sanitizeHtml } from '@bernierllc/html-sanitizer';\n\nconst clean = sanitizeHtml(userInput);\n```\n\n**`sanitizeWithProfile(html: string, profile: SanitizationProfile): string`**\n\nSanitize with a profile, returns clean HTML string:\n\n```typescript\nimport { sanitizeWithProfile, SanitizationProfile } from '@bernierllc/html-sanitizer';\n\nconst clean = sanitizeWithProfile(userInput, SanitizationProfile.STRICT);\n```\n\n**`validateHtml(html: string): { safe: boolean; issues: string[] }`**\n\nValidate HTML safety:\n\n```typescript\nimport { validateHtml } from '@bernierllc/html-sanitizer';\n\nconst result = validateHtml(userInput);\nif (!result.safe) {\n console.error('Unsafe HTML:', result.issues);\n}\n```\n\n## XSS Attack Prevention\n\nThis package protects against all common XSS attack vectors:\n\n### Script Tags\n\n```typescript\nconst html = '\u003cp\u003eHello\u003c/p\u003e\u003cscript\u003ealert(\"XSS\")\u003c/script\u003e';\nconst result = sanitizer.sanitize(html);\n\n// result.html: '\u003cp\u003eHello\u003c/p\u003e'\n// result.removedTags: ['script']\n// result.xssPatterns: ['script tag']\n// result.warnings: ['CRITICAL: Dangerous executable content removed']\n```\n\n### Event Handlers\n\n```typescript\nconst html = '\u003cimg src=\"x\" onerror=\"alert(1)\"\u003e';\nconst result = sanitizer.sanitize(html);\n\n// onerror attribute removed\n// result.xssPatterns: ['event handler']\n```\n\n### JavaScript Protocol\n\n```typescript\nconst html = '\u003ca href=\"javascript:alert(1)\"\u003eClick\u003c/a\u003e';\nconst result = sanitizer.sanitize(html);\n\n// javascript: protocol removed\n// result.xssPatterns: ['javascript: protocol']\n```\n\n### Data URIs\n\n```typescript\nconst html = '\u003cimg src=\"data:text/html,\u003cscript\u003ealert(1)\u003c/script\u003e\"\u003e';\nconst result = sanitizer.sanitize(html);\n\n// Detected and blocked\n// result.xssPatterns: ['data: URI']\n```\n\n### Embedded Objects\n\n```typescript\nconst html = '\u003cobject data=\"malicious.swf\"\u003e\u003c/object\u003e';\nconst result = sanitizer.sanitize(html);\n\n// \u003cobject\u003e and \u003cembed\u003e tags always removed\n// result.removedTags: ['object']\n```\n\n## Security Best Practices\n\n### Always Sanitize User Input\n\n```typescript\n// ✅ CORRECT\napp.post('/comment', (req, res) =\u003e {\n const sanitized = sanitizeHtml(req.body.comment);\n await saveComment(sanitized);\n});\n\n// ❌ WRONG - Never trust user input\napp.post('/comment', (req, res) =\u003e {\n await saveComment(req.body.comment); // Dangerous!\n});\n```\n\n### Choose the Right Profile\n\n```typescript\n// Comments: Use STRICT\nconst comment = sanitizeWithProfile(userComment, SanitizationProfile.STRICT);\n\n// Blog posts: Use MODERATE (default)\nconst blogPost = sanitizeHtml(userBlogPost);\n\n// Admin content: Use RELAXED (only for trusted users)\nif (user.isAdmin) {\n const adminContent = sanitizeWithProfile(userContent, SanitizationProfile.RELAXED);\n}\n```\n\n### Monitor Security Events\n\n```typescript\nconst result = sanitizer.sanitize(userHtml);\n\nif (result.xssPatterns.length \u003e 0) {\n // Log security event\n logger.warn('XSS attempt detected', {\n userId: user.id,\n patterns: result.xssPatterns,\n removedTags: result.removedTags\n });\n}\n```\n\n### Use Validation Before Saving\n\n```typescript\nconst validation = validateHtml(userInput);\n\nif (!validation.safe) {\n return res.status(400).json({\n error: 'Content contains unsafe HTML',\n issues: validation.issues\n });\n}\n```\n\n## Performance\n\n- **Typical blog post (5KB)**: \u003c10ms\n- **Large content (500KB)**: \u003c100ms\n- **Memory usage**: \u003c50MB for large content\n\nBuilt on DOMPurify, which is highly optimized and used by millions of websites.\n\n## Integration Status\n\n### Logger Integration\n**Status**: Optional (recommended for security monitoring)\n\n**Justification**: While this package can function without logging, it's highly recommended to integrate `@bernierllc/logger` for security event monitoring. The sanitizer can detect and remove XSS patterns, and logging these events helps with security auditing and threat detection. However, the package is designed to work without logging for environments where logging isn't available.\n\n**Pattern**: Optional integration - package works without logger, but logger enhances security monitoring capabilities.\n\n**Example Integration**:\n```typescript\nimport { Logger } from '@bernierllc/logger';\nimport { HtmlSanitizer } from '@bernierllc/html-sanitizer';\n\nconst logger = new Logger({ service: 'html-sanitizer' });\nconst sanitizer = new HtmlSanitizer();\n\nconst result = sanitizer.sanitize(userHtml);\nif (result.xssPatterns.length \u003e 0) {\n logger.warn('XSS attempt detected', {\n patterns: result.xssPatterns,\n removedTags: result.removedTags\n });\n}\n```\n\n### NeverHub Integration\n**Status**: Not applicable\n\n**Justification**: This is a core utility package that performs HTML sanitization. It does not participate in service discovery, event publishing, or service mesh operations. While security events could theoretically be published to NeverHub, this package focuses solely on sanitization logic and delegates event handling to calling code.\n\n**Pattern**: Core utility - no service mesh integration needed. Security events should be handled by the application layer that uses this sanitizer.\n\n### Docs-Suite Integration\n**Status**: Ready\n\n**Format**: TypeDoc-compatible JSDoc comments are included throughout the source code. All public APIs are documented with examples and type information.\n\n## Dependencies\n\n- **dompurify** (^3.1.7) - HTML sanitization engine\n- **jsdom** (^25.0.1) - DOM implementation for Node.js\n\n## Development\n\n```bash\n# Install dependencies\nnpm install\n\n# Run tests\nnpm test\n\n# Run tests with coverage\nnpm run test:coverage\n\n# Build package\nnpm run build\n\n# Lint code\nnpm run lint\n```\n\n## Testing\n\nThis package has comprehensive test coverage (90%+) including:\n\n- XSS attack prevention (script tags, event handlers, protocols)\n- All security profiles (strict, moderate, relaxed)\n- Custom configuration options\n- Edge cases (malformed HTML, Unicode, large input)\n- Sanitization result metadata\n\n## Related Packages\n\n### Dependencies\n- `dompurify` (npm) - HTML sanitization engine\n- `jsdom` (npm) - DOM implementation\n\n### Used By\n- `@bernierllc/content-transformer` - Content format conversions\n- `@bernierllc/content-editor-service` - Editor backend\n- `@bernierllc/markdown-renderer` - HTML output sanitization\n\n### Part Of\n- **Content Management Suite** - Blog content and commit message workflows\n\n## License\n\nCopyright (c) 2025 Bernier LLC\n\nThis file is licensed to the client under a limited-use license.\nThe client may use and modify this code *only within the scope of the project it was delivered for*.\nRedistribution or use in other products or commercial offerings is not permitted without written consent from Bernier LLC.\n\n## Security\n\nFor security concerns or to report vulnerabilities, please contact: security@bernierllc.com\n\n**This is a security-critical package. All XSS vulnerabilities are treated as high priority.**\n"])</script><script>self.__next_f.push([1,"1d:[\"$\",\"$L1f\",null,{\"defaultValue\":\"readme\",\"className\":\"w-full\",\"children\":[[\"$\",\"$L20\",null,{\"children\":[[\"$\",\"$L21\",null,{\"value\":\"readme\",\"children\":\"Readme\"}],[\"$\",\"$L21\",null,{\"value\":\"dependencies\",\"children\":[\"Dependencies\",[\"$\",\"span\",null,{\"className\":\"ml-1.5 text-xs text-muted-foreground\",\"children\":[\"(\",2,\")\"]}]]}],[\"$\",\"$L21\",null,{\"value\":\"versions\",\"children\":[\"Versions\",[\"$\",\"span\",null,{\"className\":\"ml-1.5 text-xs text-muted-foreground\",\"children\":[\"(\",3,\")\"]}]]}]]}],[\"$\",\"$L22\",null,{\"value\":\"readme\",\"className\":\"mt-6\",\"children\":[\"$\",\"$L23\",null,{\"readme\":\"$24\"}]}],\"$L25\",\"$L26\"]}]\n"])</script><script>self.__next_f.push([1,"2b:I[7860,[\"/_next/static/chunks/d25c1c87321c1e5e.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\",\"/_next/static/chunks/d23d08e0b5d1d215.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\",\"/_next/static/chunks/ae55acb14c32e044.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\"],\"VersionList\"]\n"])</script><script>self.__next_f.push([1,"25:[\"$\",\"$L22\",null,{\"value\":\"dependencies\",\"className\":\"mt-6\",\"children\":[\"$\",\"div\",null,{\"className\":\"grid gap-6 lg:grid-cols-2\",\"children\":[[\"$\",\"div\",null,{\"data-slot\":\"card\",\"className\":\"bg-card text-card-foreground flex flex-col gap-6 rounded-xl border shadow-sm py-4\",\"children\":[[\"$\",\"div\",null,{\"data-slot\":\"card-header\",\"className\":\"@container/card-header grid auto-rows-min grid-rows-[auto_auto] items-start gap-2 px-6 has-data-[slot=card-action]:grid-cols-[1fr_auto] [.border-b]:pb-6 pb-2\",\"children\":[\"$\",\"div\",null,{\"data-slot\":\"card-title\",\"className\":\"font-semibold flex items-center gap-2 text-base\",\"children\":[[\"$\",\"svg\",null,{\"ref\":\"$undefined\",\"xmlns\":\"http://www.w3.org/2000/svg\",\"width\":24,\"height\":24,\"viewBox\":\"0 0 24 24\",\"fill\":\"none\",\"stroke\":\"currentColor\",\"strokeWidth\":2,\"strokeLinecap\":\"round\",\"strokeLinejoin\":\"round\",\"className\":\"lucide lucide-package h-4 w-4\",\"children\":[[\"$\",\"path\",\"1a0edw\",{\"d\":\"M11 21.73a2 2 0 0 0 2 0l7-4A2 2 0 0 0 21 16V8a2 2 0 0 0-1-1.73l-7-4a2 2 0 0 0-2 0l-7 4A2 2 0 0 0 3 8v8a2 2 0 0 0 1 1.73z\"}],[\"$\",\"path\",\"d0xqtd\",{\"d\":\"M12 22V12\"}],[\"$\",\"path\",\"yx3hmr\",{\"d\":\"m3.3 7 7.703 4.734a2 2 0 0 0 1.994 0L20.7 7\"}],[\"$\",\"path\",\"1c824w\",{\"d\":\"m7.5 4.27 9 5.15\"}],\"$undefined\"]}],\"Dependencies\",[\"$\",\"span\",null,{\"data-slot\":\"badge\",\"className\":\"inline-flex items-center justify-center rounded-md border px-2 py-0.5 font-medium w-fit whitespace-nowrap shrink-0 [\u0026\u003esvg]:size-3 gap-1 [\u0026\u003esvg]:pointer-events-none focus-visible:border-ring focus-visible:ring-ring/50 focus-visible:ring-[3px] aria-invalid:ring-destructive/20 dark:aria-invalid:ring-destructive/40 aria-invalid:border-destructive transition-[color,box-shadow] overflow-hidden border-transparent bg-secondary text-secondary-foreground [a\u0026]:hover:bg-secondary/90 ml-auto text-xs\",\"children\":2}]]}]}],[\"$\",\"div\",null,{\"data-slot\":\"card-content\",\"className\":\"px-6\",\"children\":[\"$\",\"div\",null,{\"className\":\"grid gap-1\",\"children\":[[\"$\",\"$L5\",\"dompurify\",{\"href\":\"/package/dompurify\",\"className\":\"group flex items-center justify-between rounded-md px-2 py-1.5 text-sm transition-colors hover:bg-accent\",\"children\":[[\"$\",\"span\",null,{\"className\":\"flex items-center gap-1.5 truncate font-mono text-foreground\",\"children\":[[\"$\",\"svg\",null,{\"ref\":\"$undefined\",\"xmlns\":\"http://www.w3.org/2000/svg\",\"width\":24,\"height\":24,\"viewBox\":\"0 0 24 24\",\"fill\":\"none\",\"stroke\":\"currentColor\",\"strokeWidth\":2,\"strokeLinecap\":\"round\",\"strokeLinejoin\":\"round\",\"className\":\"lucide lucide-chevron-right h-3 w-3 text-muted-foreground opacity-0 transition-opacity group-hover:opacity-100\",\"children\":[[\"$\",\"path\",\"mthhwq\",{\"d\":\"m9 18 6-6-6-6\"}],\"$undefined\"]}],\"dompurify\"]}],[\"$\",\"span\",null,{\"className\":\"ml-2 shrink-0 font-mono text-xs text-muted-foreground\",\"children\":\"^3.1.7\"}]]}],[\"$\",\"$L5\",\"jsdom\",{\"href\":\"/package/jsdom\",\"className\":\"group flex items-center justify-between rounded-md px-2 py-1.5 text-sm transition-colors hover:bg-accent\",\"children\":[[\"$\",\"span\",null,{\"className\":\"flex items-center gap-1.5 truncate font-mono text-foreground\",\"children\":[[\"$\",\"svg\",null,{\"ref\":\"$undefined\",\"xmlns\":\"http://www.w3.org/2000/svg\",\"width\":24,\"height\":24,\"viewBox\":\"0 0 24 24\",\"fill\":\"none\",\"stroke\":\"currentColor\",\"strokeWidth\":2,\"strokeLinecap\":\"round\",\"strokeLinejoin\":\"round\",\"className\":\"lucide lucide-chevron-right h-3 w-3 text-muted-foreground opacity-0 transition-opacity group-hover:opacity-100\",\"children\":[[\"$\",\"path\",\"mthhwq\",{\"d\":\"m9 18 6-6-6-6\"}],\"$undefined\"]}],\"jsdom\"]}],[\"$\",\"span\",null,{\"className\":\"ml-2 shrink-0 font-mono text-xs text-muted-foreground\",\"children\":\"^25.0.1\"}]]}]]}]}]]}],[\"$\",\"div\",null,{\"data-slot\":\"card\",\"className\":\"bg-card text-card-foreground flex flex-col gap-6 rounded-xl border shadow-sm py-4\",\"children\":[[\"$\",\"div\",null,{\"data-slot\":\"card-header\",\"className\":\"@container/card-header grid auto-rows-min grid-rows-[auto_auto] items-start gap-2 px-6 has-data-[slot=card-action]:grid-cols-[1fr_auto] [.border-b]:pb-6 pb-2\",\"children\":[\"$\",\"div\",null,{\"data-slot\":\"card-title\",\"className\":\"font-semibold flex items-center gap-2 text-base\",\"children\":[\"$L27\",\"Peer Dependencies\",\"$L28\"]}]}],\"$L29\"]}],\"$L2a\"]}]}]\n"])</script><script>self.__next_f.push([1,"26:[\"$\",\"$L22\",null,{\"value\":\"versions\",\"className\":\"mt-6\",\"children\":[\"$\",\"$L2b\",null,{\"packageName\":\"@bernierllc/html-sanitizer\",\"versions\":[{\"version\":\"1.2.0\",\"date\":\"2026-01-05T19:45:09.368Z\",\"deprecated\":\"$undefined\"},{\"version\":\"1.0.7\",\"date\":\"2025-12-02T00:42:32.429Z\",\"deprecated\":\"$undefined\"},{\"version\":\"1.0.0\",\"date\":\"2025-11-05T03:50:14.100Z\",\"deprecated\":\"$undefined\"}],\"currentVersion\":\"1.2.0\"}]}]\n"])</script><div style="display:none" id="S:1"><div class="space-y-8"><div class="flex flex-col gap-6 lg:flex-row lg:gap-8"><div class="flex-1 space-y-4"><div class="flex flex-wrap items-start gap-3"><h1 class="font-mono text-2xl font-bold sm:text-3xl">@bernierllc/html-sanitizer</h1><div class="flex flex-wrap items-center gap-2"><span data-slot="badge" class="inline-flex items-center justify-center rounded-md border px-2 py-0.5 text-xs font-medium w-fit whitespace-nowrap shrink-0 [&>svg]:size-3 gap-1 [&>svg]:pointer-events-none focus-visible:border-ring focus-visible:ring-ring/50 focus-visible:ring-[3px] aria-invalid:ring-destructive/20 dark:aria-invalid:ring-destructive/40 aria-invalid:border-destructive transition-[color,box-shadow] overflow-hidden border-transparent bg-secondary text-secondary-foreground [a&]:hover:bg-secondary/90 font-mono">v1.2.0</span><span data-slot="badge" class="inline-flex items-center justify-center rounded-md border px-2 py-0.5 text-xs font-medium w-fit whitespace-nowrap shrink-0 [&>svg]:size-3 gap-1 [&>svg]:pointer-events-none focus-visible:border-ring focus-visible:ring-ring/50 focus-visible:ring-[3px] aria-invalid:ring-destructive/20 dark:aria-invalid:ring-destructive/40 aria-invalid:border-destructive transition-[color,box-shadow] overflow-hidden [a&]:hover:bg-accent [a&]:hover:text-accent-foreground text-blue-600 border-blue-200"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-file-code mr-1 h-3 w-3"><path d="M10 12.5 8 15l2 2.5"></path><path d="m14 12.5 2 2.5-2 2.5"></path><path d="M14 2v4a2 2 0 0 0 2 2h4"></path><path d="M15 2H6a2 2 0 0 0-2 2v16a2 2 0 0 0 2 2h12a2 2 0 0 0 2-2V7z"></path></svg>TypeScript</span></div></div><p class="text-lg text-muted-foreground">XSS prevention and HTML sanitization for user-generated content</p><div class="flex flex-wrap gap-1.5"><a href="/search?q=html"><span data-slot="badge" class="inline-flex items-center justify-center rounded-md border px-2 py-0.5 w-fit whitespace-nowrap shrink-0 [&>svg]:size-3 gap-1 [&>svg]:pointer-events-none focus-visible:border-ring focus-visible:ring-ring/50 focus-visible:ring-[3px] aria-invalid:ring-destructive/20 dark:aria-invalid:ring-destructive/40 aria-invalid:border-destructive transition-[color,box-shadow] overflow-hidden text-foreground [a&]:hover:bg-accent [a&]:hover:text-accent-foreground text-xs font-normal hover:bg-accent">html</span></a><a href="/search?q=sanitizer"><span data-slot="badge" class="inline-flex items-center justify-center rounded-md border px-2 py-0.5 w-fit whitespace-nowrap shrink-0 [&>svg]:size-3 gap-1 [&>svg]:pointer-events-none focus-visible:border-ring focus-visible:ring-ring/50 focus-visible:ring-[3px] aria-invalid:ring-destructive/20 dark:aria-invalid:ring-destructive/40 aria-invalid:border-destructive transition-[color,box-shadow] overflow-hidden text-foreground [a&]:hover:bg-accent [a&]:hover:text-accent-foreground text-xs font-normal hover:bg-accent">sanitizer</span></a><a href="/search?q=xss"><span data-slot="badge" class="inline-flex items-center justify-center rounded-md border px-2 py-0.5 w-fit whitespace-nowrap shrink-0 [&>svg]:size-3 gap-1 [&>svg]:pointer-events-none focus-visible:border-ring focus-visible:ring-ring/50 focus-visible:ring-[3px] aria-invalid:ring-destructive/20 dark:aria-invalid:ring-destructive/40 aria-invalid:border-destructive transition-[color,box-shadow] overflow-hidden text-foreground [a&]:hover:bg-accent [a&]:hover:text-accent-foreground text-xs font-normal hover:bg-accent">xss</span></a><a href="/search?q=security"><span data-slot="badge" class="inline-flex items-center justify-center rounded-md border px-2 py-0.5 w-fit whitespace-nowrap shrink-0 [&>svg]:size-3 gap-1 [&>svg]:pointer-events-none focus-visible:border-ring focus-visible:ring-ring/50 focus-visible:ring-[3px] aria-invalid:ring-destructive/20 dark:aria-invalid:ring-destructive/40 aria-invalid:border-destructive transition-[color,box-shadow] overflow-hidden text-foreground [a&]:hover:bg-accent [a&]:hover:text-accent-foreground text-xs font-normal hover:bg-accent">security</span></a><a href="/search?q=content"><span data-slot="badge" class="inline-flex items-center justify-center rounded-md border px-2 py-0.5 w-fit whitespace-nowrap shrink-0 [&>svg]:size-3 gap-1 [&>svg]:pointer-events-none focus-visible:border-ring focus-visible:ring-ring/50 focus-visible:ring-[3px] aria-invalid:ring-destructive/20 dark:aria-invalid:ring-destructive/40 aria-invalid:border-destructive transition-[color,box-shadow] overflow-hidden text-foreground [a&]:hover:bg-accent [a&]:hover:text-accent-foreground text-xs font-normal hover:bg-accent">content</span></a></div><div class="flex flex-wrap gap-4 text-sm text-muted-foreground"><span class="flex items-center gap-1.5"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-download h-4 w-4"><path d="M21 15v4a2 2 0 0 1-2 2H5a2 2 0 0 1-2-2v-4"></path><polyline points="7 10 12 15 17 10"></polyline><line x1="12" x2="12" y1="15" y2="3"></line></svg><span class="font-medium text-foreground">2</span>/week</span><span class="flex items-center gap-1.5"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-calendar h-4 w-4"><path d="M8 2v4"></path><path d="M16 2v4"></path><rect width="18" height="18" x="3" y="4" rx="2"></rect><path d="M3 10h18"></path></svg>Updated 1 months ago</span><span class="flex items-center gap-1.5"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-scale h-4 w-4"><path d="m16 16 3-8 3 8c-.87.65-1.92 1-3 1s-2.13-.35-3-1Z"></path><path d="m2 16 3-8 3 8c-.87.65-1.92 1-3 1s-2.13-.35-3-1Z"></path><path d="M7 21h10"></path><path d="M12 3v18"></path><path d="M3 7h2c2 0 5-1 7-2 2 1 5 2 7 2h2"></path></svg>SEE LICENSE IN LICENSE.txt</span><span class="flex items-center gap-1.5">Unpacked: 79.9 KB</span></div><div class="text-sm"><span class="text-muted-foreground">Published by </span><a class="font-medium hover:underline" href="/~Bernier%20LLC">Bernier LLC</a></div></div><div class="w-full space-y-4 lg:w-80"><div class="rounded-lg border bg-card"><div dir="ltr" data-orientation="horizontal" data-slot="tabs" class="flex flex-col gap-2"><div role="tablist" aria-orientation="horizontal" data-slot="tabs-list" class="text-muted-foreground inline-flex h-9 items-center w-full justify-start rounded-none border-b bg-transparent p-0" tabindex="-1" data-orientation="horizontal" style="outline:none"><button type="button" role="tab" aria-selected="true" aria-controls="radix-_R_36av5ubrb_-content-npm" data-state="active" id="radix-_R_36av5ubrb_-trigger-npm" data-slot="tabs-trigger" class="dark:data-[state=active]:text-foreground focus-visible:border-ring focus-visible:ring-ring/50 focus-visible:outline-ring dark:data-[state=active]:border-input dark:data-[state=active]:bg-input/30 text-foreground dark:text-muted-foreground inline-flex h-[calc(100%-1px)] flex-1 items-center justify-center gap-1.5 border px-2 py-1 text-sm font-medium whitespace-nowrap transition-[color,box-shadow] focus-visible:ring-[3px] focus-visible:outline-1 disabled:pointer-events-none disabled:opacity-50 data-[state=active]:shadow-sm [&_svg]:pointer-events-none [&_svg]:shrink-0 [&_svg:not([class*='size-'])]:size-4 rounded-none border-b-2 border-transparent data-[state=active]:border-primary data-[state=active]:bg-transparent" tabindex="-1" data-orientation="horizontal" data-radix-collection-item="">npm</button><button type="button" role="tab" aria-selected="false" aria-controls="radix-_R_36av5ubrb_-content-yarn" data-state="inactive" id="radix-_R_36av5ubrb_-trigger-yarn" data-slot="tabs-trigger" class="dark:data-[state=active]:text-foreground focus-visible:border-ring focus-visible:ring-ring/50 focus-visible:outline-ring dark:data-[state=active]:border-input dark:data-[state=active]:bg-input/30 text-foreground dark:text-muted-foreground inline-flex h-[calc(100%-1px)] flex-1 items-center justify-center gap-1.5 border px-2 py-1 text-sm font-medium whitespace-nowrap transition-[color,box-shadow] focus-visible:ring-[3px] focus-visible:outline-1 disabled:pointer-events-none disabled:opacity-50 data-[state=active]:shadow-sm [&_svg]:pointer-events-none [&_svg]:shrink-0 [&_svg:not([class*='size-'])]:size-4 rounded-none border-b-2 border-transparent data-[state=active]:border-primary data-[state=active]:bg-transparent" tabindex="-1" data-orientation="horizontal" data-radix-collection-item="">yarn</button><button type="button" role="tab" aria-selected="false" aria-controls="radix-_R_36av5ubrb_-content-pnpm" data-state="inactive" id="radix-_R_36av5ubrb_-trigger-pnpm" data-slot="tabs-trigger" class="dark:data-[state=active]:text-foreground focus-visible:border-ring focus-visible:ring-ring/50 focus-visible:outline-ring dark:data-[state=active]:border-input dark:data-[state=active]:bg-input/30 text-foreground dark:text-muted-foreground inline-flex h-[calc(100%-1px)] flex-1 items-center justify-center gap-1.5 border px-2 py-1 text-sm font-medium whitespace-nowrap transition-[color,box-shadow] focus-visible:ring-[3px] focus-visible:outline-1 disabled:pointer-events-none disabled:opacity-50 data-[state=active]:shadow-sm [&_svg]:pointer-events-none [&_svg]:shrink-0 [&_svg:not([class*='size-'])]:size-4 rounded-none border-b-2 border-transparent data-[state=active]:border-primary data-[state=active]:bg-transparent" tabindex="-1" data-orientation="horizontal" data-radix-collection-item="">pnpm</button><button type="button" role="tab" aria-selected="false" aria-controls="radix-_R_36av5ubrb_-content-bun" data-state="inactive" id="radix-_R_36av5ubrb_-trigger-bun" data-slot="tabs-trigger" class="dark:data-[state=active]:text-foreground focus-visible:border-ring focus-visible:ring-ring/50 focus-visible:outline-ring dark:data-[state=active]:border-input dark:data-[state=active]:bg-input/30 text-foreground dark:text-muted-foreground inline-flex h-[calc(100%-1px)] flex-1 items-center justify-center gap-1.5 border px-2 py-1 text-sm font-medium whitespace-nowrap transition-[color,box-shadow] focus-visible:ring-[3px] focus-visible:outline-1 disabled:pointer-events-none disabled:opacity-50 data-[state=active]:shadow-sm [&_svg]:pointer-events-none [&_svg]:shrink-0 [&_svg:not([class*='size-'])]:size-4 rounded-none border-b-2 border-transparent data-[state=active]:border-primary data-[state=active]:bg-transparent" tabindex="-1" data-orientation="horizontal" data-radix-collection-item="">bun</button></div><div data-state="active" data-orientation="horizontal" role="tabpanel" aria-labelledby="radix-_R_36av5ubrb_-trigger-npm" id="radix-_R_36av5ubrb_-content-npm" tabindex="0" data-slot="tabs-content" class="flex-1 outline-none mt-0" style="animation-duration:0s"><div class="flex items-center justify-between gap-2 p-3"><code class="flex-1 overflow-x-auto whitespace-nowrap font-mono text-sm">npm install @bernierllc/html-sanitizer</code><button data-slot="button" class="inline-flex items-center justify-center gap-2 whitespace-nowrap rounded-md text-sm font-medium transition-all disabled:pointer-events-none disabled:opacity-50 [&_svg]:pointer-events-none [&_svg:not([class*='size-'])]:size-4 [&_svg]:shrink-0 outline-none focus-visible:border-ring focus-visible:ring-ring/50 focus-visible:ring-[3px] aria-invalid:ring-destructive/20 dark:aria-invalid:ring-destructive/40 aria-invalid:border-destructive hover:bg-accent hover:text-accent-foreground dark:hover:bg-accent/50 size-9 h-8 w-8 shrink-0"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-copy h-4 w-4"><rect width="14" height="14" x="8" y="8" rx="2" ry="2"></rect><path d="M4 16c-1.1 0-2-.9-2-2V4c0-1.1.9-2 2-2h10c1.1 0 2 .9 2 2"></path></svg></button></div></div><div data-state="inactive" data-orientation="horizontal" role="tabpanel" aria-labelledby="radix-_R_36av5ubrb_-trigger-yarn" hidden="" id="radix-_R_36av5ubrb_-content-yarn" tabindex="0" data-slot="tabs-content" class="flex-1 outline-none mt-0"></div><div data-state="inactive" data-orientation="horizontal" role="tabpanel" aria-labelledby="radix-_R_36av5ubrb_-trigger-pnpm" hidden="" id="radix-_R_36av5ubrb_-content-pnpm" tabindex="0" data-slot="tabs-content" class="flex-1 outline-none mt-0"></div><div data-state="inactive" data-orientation="horizontal" role="tabpanel" aria-labelledby="radix-_R_36av5ubrb_-trigger-bun" hidden="" id="radix-_R_36av5ubrb_-content-bun" tabindex="0" data-slot="tabs-content" class="flex-1 outline-none mt-0"></div></div></div><div class="flex flex-wrap gap-2"><a href="https://npmjs.com/package/@bernierllc/html-sanitizer" target="_blank" rel="noopener noreferrer" data-slot="button" class="inline-flex items-center justify-center whitespace-nowrap text-sm font-medium transition-all disabled:pointer-events-none disabled:opacity-50 [&_svg]:pointer-events-none [&_svg:not([class*='size-'])]:size-4 shrink-0 [&_svg]:shrink-0 outline-none focus-visible:border-ring focus-visible:ring-ring/50 focus-visible:ring-[3px] aria-invalid:ring-destructive/20 dark:aria-invalid:ring-destructive/40 aria-invalid:border-destructive border bg-background shadow-xs hover:bg-accent hover:text-accent-foreground dark:bg-input/30 dark:border-input dark:hover:bg-input/50 h-8 rounded-md gap-1.5 px-3 has-[>svg]:px-2.5"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-external-link mr-1.5 h-4 w-4"><path d="M15 3h6v6"></path><path d="M10 14 21 3"></path><path d="M18 13v6a2 2 0 0 1-2 2H5a2 2 0 0 1-2-2V8a2 2 0 0 1 2-2h6"></path></svg>npm</a></div></div></div><div dir="ltr" data-orientation="horizontal" data-slot="tabs" class="flex flex-col gap-2 w-full"><div role="tablist" aria-orientation="horizontal" data-slot="tabs-list" class="bg-muted text-muted-foreground inline-flex h-9 w-fit items-center justify-center rounded-lg p-[3px]" tabindex="-1" data-orientation="horizontal" style="outline:none"><button type="button" role="tab" aria-selected="true" aria-controls="radix-_R_aav5ubrb_-content-readme" data-state="active" id="radix-_R_aav5ubrb_-trigger-readme" data-slot="tabs-trigger" class="data-[state=active]:bg-background dark:data-[state=active]:text-foreground focus-visible:border-ring focus-visible:ring-ring/50 focus-visible:outline-ring dark:data-[state=active]:border-input dark:data-[state=active]:bg-input/30 text-foreground dark:text-muted-foreground inline-flex h-[calc(100%-1px)] flex-1 items-center justify-center gap-1.5 rounded-md border border-transparent px-2 py-1 text-sm font-medium whitespace-nowrap transition-[color,box-shadow] focus-visible:ring-[3px] focus-visible:outline-1 disabled:pointer-events-none disabled:opacity-50 data-[state=active]:shadow-sm [&_svg]:pointer-events-none [&_svg]:shrink-0 [&_svg:not([class*='size-'])]:size-4" tabindex="-1" data-orientation="horizontal" data-radix-collection-item="">Readme</button><button type="button" role="tab" aria-selected="false" aria-controls="radix-_R_aav5ubrb_-content-dependencies" data-state="inactive" id="radix-_R_aav5ubrb_-trigger-dependencies" data-slot="tabs-trigger" class="data-[state=active]:bg-background dark:data-[state=active]:text-foreground focus-visible:border-ring focus-visible:ring-ring/50 focus-visible:outline-ring dark:data-[state=active]:border-input dark:data-[state=active]:bg-input/30 text-foreground dark:text-muted-foreground inline-flex h-[calc(100%-1px)] flex-1 items-center justify-center gap-1.5 rounded-md border border-transparent px-2 py-1 text-sm font-medium whitespace-nowrap transition-[color,box-shadow] focus-visible:ring-[3px] focus-visible:outline-1 disabled:pointer-events-none disabled:opacity-50 data-[state=active]:shadow-sm [&_svg]:pointer-events-none [&_svg]:shrink-0 [&_svg:not([class*='size-'])]:size-4" tabindex="-1" data-orientation="horizontal" data-radix-collection-item="">Dependencies<span class="ml-1.5 text-xs text-muted-foreground">(2)</span></button><button type="button" role="tab" aria-selected="false" aria-controls="radix-_R_aav5ubrb_-content-versions" data-state="inactive" id="radix-_R_aav5ubrb_-trigger-versions" data-slot="tabs-trigger" class="data-[state=active]:bg-background dark:data-[state=active]:text-foreground focus-visible:border-ring focus-visible:ring-ring/50 focus-visible:outline-ring dark:data-[state=active]:border-input dark:data-[state=active]:bg-input/30 text-foreground dark:text-muted-foreground inline-flex h-[calc(100%-1px)] flex-1 items-center justify-center gap-1.5 rounded-md border border-transparent px-2 py-1 text-sm font-medium whitespace-nowrap transition-[color,box-shadow] focus-visible:ring-[3px] focus-visible:outline-1 disabled:pointer-events-none disabled:opacity-50 data-[state=active]:shadow-sm [&_svg]:pointer-events-none [&_svg]:shrink-0 [&_svg:not([class*='size-'])]:size-4" tabindex="-1" data-orientation="horizontal" data-radix-collection-item="">Versions<span class="ml-1.5 text-xs text-muted-foreground">(3)</span></button></div><div data-state="active" data-orientation="horizontal" role="tabpanel" aria-labelledby="radix-_R_aav5ubrb_-trigger-readme" id="radix-_R_aav5ubrb_-content-readme" tabindex="0" data-slot="tabs-content" class="flex-1 outline-none mt-6" style="animation-duration:0s"><div class="relative"><div class="prose prose-sm dark:prose-invert max-w-none overflow-hidden rounded-lg border p-6" style="max-height:500px"><p><h1 class="text-2xl font-bold mt-6 mb-4">@bernierllc/html-sanitizer</h1></p><p class="my-3"><strong>XSS Prevention and HTML Sanitization for User-Generated Content</strong></p><p class="my-3">A security-critical package that provides robust HTML sanitization to prevent XSS (Cross-Site Scripting) attacks in user-generated content. Built on battle-tested DOMPurify with configurable security profiles.</p><p class="my-3"><h2 class="text-xl font-semibold mt-5 mb-3">Installation</h2></p><p class="my-3">``<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">bash<br />npm install @bernierllc/html-sanitizer<br /></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"></p><p class="my-3"><h2 class="text-xl font-semibold mt-5 mb-3">Quick Start</h2></p><p class="my-3"></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">typescript<br />import { HtmlSanitizer, sanitizeHtml, SanitizationProfile } from '@bernierllc/html-sanitizer';</p><p class="my-3">// Simple sanitization with defaults (MODERATE profile)<br />const clean = sanitizeHtml('<p>Safe content</p><script>alert("XSS")</script>');<br />// Result: '<p>Safe content</p>' (script removed)</p><p class="my-3">// Get detailed sanitization report<br />const sanitizer = new HtmlSanitizer();<br />const result = sanitizer.sanitize(userHtml);</p><p class="my-3">console.log(result.html); // Clean HTML<br />console.log(result.modified); // true if content was changed<br />console.log(result.removedTags); // ['script', 'object']<br />console.log(result.xssPatterns); // ['script tag', 'event handler']<br />console.log(result.warnings); // Security warnings<br /></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"></p><p class="my-3"><h2 class="text-xl font-semibold mt-5 mb-3">Features</h2></p><p class="my-3">- <strong>XSS Attack Prevention</strong>: Removes script tags, event handlers, dangerous protocols<br />- <strong>Configurable Profiles</strong>: STRICT, MODERATE, RELAXED security levels<br />- <strong>Custom Rules</strong>: Define your own allowed tags, attributes, and protocols<br />- <strong>Security Reporting</strong>: Detailed reports of removed content and detected patterns<br />- <strong>Performance Optimized</strong>: Built on DOMPurify, the industry standard<br />- <strong>Zero-Config</strong>: Works out of the box with sensible defaults</p><p class="my-3"><h2 class="text-xl font-semibold mt-5 mb-3">Security Profiles</h2></p><p class="my-3"><h3 class="text-lg font-medium mt-4 mb-2">$3</h3></p><p class="my-3">Only basic text formatting - ideal for comments or simple user input:</p><p class="my-3"></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">typescript<br />import { sanitizeWithProfile, SanitizationProfile } from '@bernierllc/html-sanitizer';</p><p class="my-3">const clean = sanitizeWithProfile(userHtml, SanitizationProfile.STRICT);<br /></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"></p><p class="my-3"><strong>Allowed:</strong><br />- Basic formatting: </code><p><code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">, </code><br><code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">, </code><strong><code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">, </code><em><code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">, </code><b><code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">, </code><i><code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">, </code><u><code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"><br />- Lists: </code><ul><code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">, </code><ol><code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">, </code><li><code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"></p><p class="my-3"><strong>Blocked:</strong><br />- Links, images, tables, media, everything else</p><p class="my-3"><h3 class="text-lg font-medium mt-4 mb-2">$3</h3></p><p class="my-3">Standard blog content formatting - default for most use cases:</p><p class="my-3"></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">typescript<br />const sanitizer = new HtmlSanitizer(); // Uses MODERATE by default<br /></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"></p><p class="my-3"><strong>Allowed:</strong><br />- All STRICT tags<br />- Headings: </code><h1><code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"> through </code><h6><code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"><br />- Links: </code><a href="..." title="..."><code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"><br />- Images: </code><img src="..." alt="..."><code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"><br />- Code: </code><code><code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">, </code><pre><code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">, </code><blockquote><code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"></p><p class="my-3"><strong>Protocols:</strong> </code>http<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">, </code>https<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">, </code>mailto<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"></p><p class="my-3"><h3 class="text-lg font-medium mt-4 mb-2">$3</h3></p><p class="my-3">Rich content for trusted users - includes tables and embedded media:</p><p class="my-3"></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">typescript<br />const clean = sanitizeWithProfile(userHtml, SanitizationProfile.RELAXED);<br /></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"></p><p class="my-3"><strong>Allowed:</strong><br />- All MODERATE tags<br />- Tables: </code><table><code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">, </code><thead><code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">, </code><tbody><code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">, </code><tr><code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">, </code><th><code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">, </code><td><code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"><br />- Media: </code><iframe><code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">, </code><video><code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">, </code><audio><code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"></p><p class="my-3"><h2 class="text-xl font-semibold mt-5 mb-3">Custom Configuration</h2></p><p class="my-3">Define your own security rules:</p><p class="my-3"></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">typescript<br />import { HtmlSanitizer } from '@bernierllc/html-sanitizer';</p><p class="my-3">const sanitizer = new HtmlSanitizer({<br /> allowedTags: ['p', 'a', 'strong', 'em'],<br /> allowedAttributes: {<br /> 'a': ['href', 'title']<br /> },<br /> allowedProtocols: ['https'], // Only HTTPS links<br /> allowStyles: false,<br /> allowDataUris: false<br />});</p><p class="my-3">const result = sanitizer.sanitize(userHtml);<br /></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"></p><p class="my-3"><h2 class="text-xl font-semibold mt-5 mb-3">API Reference</h2></p><p class="my-3"><h3 class="text-lg font-medium mt-4 mb-2">$3</h3></p><p class="my-3">Main class for HTML sanitization.</p><p class="my-3">#### Constructor</p><p class="my-3"></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">typescript<br />new HtmlSanitizer(config?: SanitizerConfig)<br /></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"></p><p class="my-3"><strong>Config Options:</strong><br />- </code>allowedTags?: string[]<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"> - Whitelist of allowed HTML tags<br />- </code>allowedAttributes?: Record<string, string[]><code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"> - Allowed attributes per tag<br />- </code>allowedProtocols?: string[]<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"> - Allowed URL protocols<br />- </code>allowStyles?: boolean<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"> - Allow inline styles (default: false)<br />- </code>allowDataUris?: boolean<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"> - Allow data: URIs (default: false)<br />- </code>mode?: 'strict' | 'moderate' | 'relaxed'<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"> - Use predefined profile</p><p class="my-3">#### Methods</p><p class="my-3"><strong></code>sanitize(html: string): SanitizationResult<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"></strong></p><p class="my-3">Sanitize HTML and get detailed report:</p><p class="my-3"></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">typescript<br />const result = sanitizer.sanitize(html);</p><p class="my-3">// SanitizationResult:<br />{<br /> html: string; // Sanitized HTML<br /> modified: boolean; // Whether content was changed<br /> removedTags: string[]; // Tags that were removed<br /> removedAttributes: Array<{ // Attributes that were removed<br /> tag: string;<br /> attribute: string;<br /> }>;<br /> xssPatterns: string[]; // XSS patterns detected<br /> warnings: string[]; // Security warnings<br />}<br /></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"></p><p class="my-3"><strong></code>sanitizeWithProfile(html: string, profile: SanitizationProfile): SanitizationResult<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"></strong></p><p class="my-3">Sanitize using a specific profile:</p><p class="my-3"></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">typescript<br />const result = sanitizer.sanitizeWithProfile(html, SanitizationProfile.STRICT);<br /></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"></p><p class="my-3"><strong></code>validate(html: string): ValidationResult<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"></strong></p><p class="my-3">Check if HTML is safe without modifying:</p><p class="my-3"></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">typescript<br />const result = sanitizer.validate(html);</p><p class="my-3">// ValidationResult:<br />{<br /> safe: boolean; // Whether HTML is safe<br /> issues: string[]; // List of security issues<br />}<br /></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"></p><p class="my-3"><h3 class="text-lg font-medium mt-4 mb-2">$3</h3></p><p class="my-3"><strong></code>sanitizeHtml(html: string, config?: SanitizerConfig): string<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"></strong></p><p class="my-3">Quick sanitization, returns clean HTML string:</p><p class="my-3"></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">typescript<br />import { sanitizeHtml } from '@bernierllc/html-sanitizer';</p><p class="my-3">const clean = sanitizeHtml(userInput);<br /></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"></p><p class="my-3"><strong></code>sanitizeWithProfile(html: string, profile: SanitizationProfile): string<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"></strong></p><p class="my-3">Sanitize with a profile, returns clean HTML string:</p><p class="my-3"></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">typescript<br />import { sanitizeWithProfile, SanitizationProfile } from '@bernierllc/html-sanitizer';</p><p class="my-3">const clean = sanitizeWithProfile(userInput, SanitizationProfile.STRICT);<br /></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"></p><p class="my-3"><strong></code>validateHtml(html: string): { safe: boolean; issues: string[] }<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"></strong></p><p class="my-3">Validate HTML safety:</p><p class="my-3"></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">typescript<br />import { validateHtml } from '@bernierllc/html-sanitizer';</p><p class="my-3">const result = validateHtml(userInput);<br />if (!result.safe) {<br /> console.error('Unsafe HTML:', result.issues);<br />}<br /></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"></p><p class="my-3"><h2 class="text-xl font-semibold mt-5 mb-3">XSS Attack Prevention</h2></p><p class="my-3">This package protects against all common XSS attack vectors:</p><p class="my-3"><h3 class="text-lg font-medium mt-4 mb-2">$3</h3></p><p class="my-3"></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">typescript<br />const html = '<p>Hello</p><script>alert("XSS")</script>';<br />const result = sanitizer.sanitize(html);</p><p class="my-3">// result.html: '<p>Hello</p>'<br />// result.removedTags: ['script']<br />// result.xssPatterns: ['script tag']<br />// result.warnings: ['CRITICAL: Dangerous executable content removed']<br /></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"></p><p class="my-3"><h3 class="text-lg font-medium mt-4 mb-2">$3</h3></p><p class="my-3"></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">typescript<br />const html = '<img src="x" onerror="alert(1)">';<br />const result = sanitizer.sanitize(html);</p><p class="my-3">// onerror attribute removed<br />// result.xssPatterns: ['event handler']<br /></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"></p><p class="my-3"><h3 class="text-lg font-medium mt-4 mb-2">$3</h3></p><p class="my-3"></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">typescript<br />const html = '<a href="javascript:alert(1)">Click</a>';<br />const result = sanitizer.sanitize(html);</p><p class="my-3">// javascript: protocol removed<br />// result.xssPatterns: ['javascript: protocol']<br /></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"></p><p class="my-3"><h3 class="text-lg font-medium mt-4 mb-2">$3</h3></p><p class="my-3"></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">typescript<br />const html = '<img src="data:text/html,<script>alert(1)</script>">';<br />const result = sanitizer.sanitize(html);</p><p class="my-3">// Detected and blocked<br />// result.xssPatterns: ['data: URI']<br /></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"></p><p class="my-3"><h3 class="text-lg font-medium mt-4 mb-2">$3</h3></p><p class="my-3"></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">typescript<br />const html = '<object data="malicious.swf"></object>';<br />const result = sanitizer.sanitize(html);</p><p class="my-3">// <object> and <embed> tags always removed<br />// result.removedTags: ['object']<br /></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"></p><p class="my-3"><h2 class="text-xl font-semibold mt-5 mb-3">Security Best Practices</h2></p><p class="my-3"><h3 class="text-lg font-medium mt-4 mb-2">$3</h3></p><p class="my-3"></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">typescript<br />// ✅ CORRECT<br />app.post('/comment', (req, res) => {<br /> const sanitized = sanitizeHtml(req.body.comment);<br /> await saveComment(sanitized);<br />});</p><p class="my-3">// ❌ WRONG - Never trust user input<br />app.post('/comment', (req, res) => {<br /> await saveComment(req.body.comment); // Dangerous!<br />});<br /></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"></p><p class="my-3"><h3 class="text-lg font-medium mt-4 mb-2">$3</h3></p><p class="my-3"></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">typescript<br />// Comments: Use STRICT<br />const comment = sanitizeWithProfile(userComment, SanitizationProfile.STRICT);</p><p class="my-3">// Blog posts: Use MODERATE (default)<br />const blogPost = sanitizeHtml(userBlogPost);</p><p class="my-3">// Admin content: Use RELAXED (only for trusted users)<br />if (user.isAdmin) {<br /> const adminContent = sanitizeWithProfile(userContent, SanitizationProfile.RELAXED);<br />}<br /></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"></p><p class="my-3"><h3 class="text-lg font-medium mt-4 mb-2">$3</h3></p><p class="my-3"></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">typescript<br />const result = sanitizer.sanitize(userHtml);</p><p class="my-3">if (result.xssPatterns.length > 0) {<br /> // Log security event<br /> logger.warn('XSS attempt detected', {<br /> userId: user.id,<br /> patterns: result.xssPatterns,<br /> removedTags: result.removedTags<br /> });<br />}<br /></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"></p><p class="my-3"><h3 class="text-lg font-medium mt-4 mb-2">$3</h3></p><p class="my-3"></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">typescript<br />const validation = validateHtml(userInput);</p><p class="my-3">if (!validation.safe) {<br /> return res.status(400).json({<br /> error: 'Content contains unsafe HTML',<br /> issues: validation.issues<br /> });<br />}<br /></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"></p><p class="my-3"><h2 class="text-xl font-semibold mt-5 mb-3">Performance</h2></p><p class="my-3">- <strong>Typical blog post (5KB)</strong>: <10ms<br />- <strong>Large content (500KB)</strong>: <100ms<br />- <strong>Memory usage</strong>: <50MB for large content</p><p class="my-3">Built on DOMPurify, which is highly optimized and used by millions of websites.</p><p class="my-3"><h2 class="text-xl font-semibold mt-5 mb-3">Integration Status</h2></p><p class="my-3"><h3 class="text-lg font-medium mt-4 mb-2">$3</h3><br /><strong>Status</strong>: Optional (recommended for security monitoring)</p><p class="my-3"><strong>Justification</strong>: While this package can function without logging, it's highly recommended to integrate </code>@bernierllc/logger<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"> for security event monitoring. The sanitizer can detect and remove XSS patterns, and logging these events helps with security auditing and threat detection. However, the package is designed to work without logging for environments where logging isn't available.</p><p class="my-3"><strong>Pattern</strong>: Optional integration - package works without logger, but logger enhances security monitoring capabilities.</p><p class="my-3"><strong>Example Integration</strong>:<br /></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">typescript<br />import { Logger } from '@bernierllc/logger';<br />import { HtmlSanitizer } from '@bernierllc/html-sanitizer';</p><p class="my-3">const logger = new Logger({ service: 'html-sanitizer' });<br />const sanitizer = new HtmlSanitizer();</p><p class="my-3">const result = sanitizer.sanitize(userHtml);<br />if (result.xssPatterns.length > 0) {<br /> logger.warn('XSS attempt detected', {<br /> patterns: result.xssPatterns,<br /> removedTags: result.removedTags<br /> });<br />}<br /></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"></p><p class="my-3"><h3 class="text-lg font-medium mt-4 mb-2">$3</h3><br /><strong>Status</strong>: Not applicable</p><p class="my-3"><strong>Justification</strong>: This is a core utility package that performs HTML sanitization. It does not participate in service discovery, event publishing, or service mesh operations. While security events could theoretically be published to NeverHub, this package focuses solely on sanitization logic and delegates event handling to calling code.</p><p class="my-3"><strong>Pattern</strong>: Core utility - no service mesh integration needed. Security events should be handled by the application layer that uses this sanitizer.</p><p class="my-3"><h3 class="text-lg font-medium mt-4 mb-2">$3</h3><br /><strong>Status</strong>: Ready</p><p class="my-3"><strong>Format</strong>: TypeDoc-compatible JSDoc comments are included throughout the source code. All public APIs are documented with examples and type information.</p><p class="my-3"><h2 class="text-xl font-semibold mt-5 mb-3">Dependencies</h2></p><p class="my-3">- <strong>dompurify</strong> (^3.1.7) - HTML sanitization engine<br />- <strong>jsdom</strong> (^25.0.1) - DOM implementation for Node.js</p><p class="my-3"><h2 class="text-xl font-semibold mt-5 mb-3">Development</h2></p><p class="my-3"></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">bash<br /><h1 class="text-2xl font-bold mt-6 mb-4">Install dependencies</h1><br />npm install</p><p class="my-3"><h1 class="text-2xl font-bold mt-6 mb-4">Run tests</h1><br />npm test</p><p class="my-3"><h1 class="text-2xl font-bold mt-6 mb-4">Run tests with coverage</h1><br />npm run test:coverage</p><p class="my-3"><h1 class="text-2xl font-bold mt-6 mb-4">Build package</h1><br />npm run build</p><p class="my-3"><h1 class="text-2xl font-bold mt-6 mb-4">Lint code</h1><br />npm run lint<br /></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"></p><p class="my-3"><h2 class="text-xl font-semibold mt-5 mb-3">Testing</h2></p><p class="my-3">This package has comprehensive test coverage (90%+) including:</p><p class="my-3">- XSS attack prevention (script tags, event handlers, protocols)<br />- All security profiles (strict, moderate, relaxed)<br />- Custom configuration options<br />- Edge cases (malformed HTML, Unicode, large input)<br />- Sanitization result metadata</p><p class="my-3"><h2 class="text-xl font-semibold mt-5 mb-3">Related Packages</h2></p><p class="my-3"><h3 class="text-lg font-medium mt-4 mb-2">$3</h3><br />- </code>dompurify<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"> (npm) - HTML sanitization engine<br />- </code>jsdom<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"> (npm) - DOM implementation</p><p class="my-3"><h3 class="text-lg font-medium mt-4 mb-2">$3</h3><br />- </code>@bernierllc/content-transformer<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"> - Content format conversions<br />- </code>@bernierllc/content-editor-service<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"> - Editor backend<br />- </code>@bernierllc/markdown-renderer` - HTML output sanitization</p><p class="my-3"><h3 class="text-lg font-medium mt-4 mb-2">$3</h3><br />- <strong>Content Management Suite</strong> - Blog content and commit message workflows</p><p class="my-3"><h2 class="text-xl font-semibold mt-5 mb-3">License</h2></p><p class="my-3">Copyright (c) 2025 Bernier LLC</p><p class="my-3">This file is licensed to the client under a limited-use license.<br />The client may use and modify this code <em>only within the scope of the project it was delivered for</em>.<br />Redistribution or use in other products or commercial offerings is not permitted without written consent from Bernier LLC.</p><p class="my-3"><h2 class="text-xl font-semibold mt-5 mb-3">Security</h2></p><p class="my-3">For security concerns or to report vulnerabilities, please contact: security@bernierllc.com</p><p class="my-3"><strong>This is a security-critical package. All XSS vulnerabilities are treated as high priority.</strong><br /></p></div><div class="flex justify-center absolute inset-x-0 bottom-0 bg-gradient-to-t from-background via-background to-transparent pb-4 pt-16"><button data-slot="button" class="inline-flex items-center justify-center whitespace-nowrap text-sm font-medium transition-all disabled:pointer-events-none disabled:opacity-50 [&_svg]:pointer-events-none [&_svg:not([class*='size-'])]:size-4 shrink-0 [&_svg]:shrink-0 outline-none focus-visible:border-ring focus-visible:ring-ring/50 focus-visible:ring-[3px] aria-invalid:ring-destructive/20 dark:aria-invalid:ring-destructive/40 aria-invalid:border-destructive border bg-background shadow-xs hover:bg-accent hover:text-accent-foreground dark:bg-input/30 dark:border-input dark:hover:bg-input/50 h-8 rounded-md gap-1.5 px-3 has-[>svg]:px-2.5"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-chevron-down mr-1 h-4 w-4"><path d="m6 9 6 6 6-6"></path></svg>Show more</button></div></div></div><template id="P:3"></template><template id="P:4"></template></div></div></div><script>self.__next_f.push([1,"27:[\"$\",\"svg\",null,{\"ref\":\"$undefined\",\"xmlns\":\"http://www.w3.org/2000/svg\",\"width\":24,\"height\":24,\"viewBox\":\"0 0 24 24\",\"fill\":\"none\",\"stroke\":\"currentColor\",\"strokeWidth\":2,\"strokeLinecap\":\"round\",\"strokeLinejoin\":\"round\",\"className\":\"lucide lucide-users h-4 w-4\",\"children\":[[\"$\",\"path\",\"1yyitq\",{\"d\":\"M16 21v-2a4 4 0 0 0-4-4H6a4 4 0 0 0-4 4v2\"}],[\"$\",\"circle\",\"nufk8\",{\"cx\":\"9\",\"cy\":\"7\",\"r\":\"4\"}],[\"$\",\"path\",\"kshegd\",{\"d\":\"M22 21v-2a4 4 0 0 0-3-3.87\"}],[\"$\",\"path\",\"1da9ce\",{\"d\":\"M16 3.13a4 4 0 0 1 0 7.75\"}],\"$undefined\"]}]\n28:[\"$\",\"span\",null,{\"data-slot\":\"badge\",\"className\":\"inline-flex items-center justify-center rounded-md border px-2 py-0.5 font-medium w-fit whitespace-nowrap shrink-0 [\u0026\u003esvg]:size-3 gap-1 [\u0026\u003esvg]:pointer-events-none focus-visible:border-ring focus-visible:ring-ring/50 focus-visible:ring-[3px] aria-invalid:ring-destructive/20 dark:aria-invalid:ring-destructive/40 aria-invalid:border-destructive transition-[color,box-shadow] overflow-hidden border-transparent bg-secondary text-secondary-foreground [a\u0026]:hover:bg-secondary/90 ml-auto text-xs\",\"children\":1}]\n29:[\"$\",\"div\",null,{\"data-slot\":\"card-content\",\"className\":\"px-6\",\"children\":[\"$\",\"div\",null,{\"className\":\"grid gap-1\",\"children\":[[\"$\",\"$L5\",\"@bernierllc/logger\",{\"href\":\"/package/%40bernierllc%2Flogger\",\"className\":\"group flex items-center justify-between rounded-md px-2 py-1.5 text-sm transition-colors hover:bg-accent\",\"children\":[[\"$\",\"span\",null,{\"className\":\"flex items-center gap-1.5 truncate font-mono text-foreground\",\"children\":[[\"$\",\"svg\",null,{\"ref\":\"$undefined\",\"xmlns\":\"http://www.w3.org/2000/svg\",\"width\":24,\"height\":24,\"viewBox\":\"0 0 24 24\",\"fill\":\"none\",\"stroke\":\"currentColor\",\"strokeWidth\":2,\"strokeLinecap\":\"round\",\"strokeLinejoin\":\"round\",\"className\":\"lucide lucide-chevron-right h-3 w-3 text-muted-foreground opacity-0 transition-opacity group-hover:opacity-100\",\"children\":[[\"$\",\"path\",\"mthhwq\",{\"d\":\"m9 18 6-6-6-6\"}],\"$undefined\"]}],\"@bernierllc/logger\"]}],[\"$\",\"span\",null,{\"className\":\"ml-2 shrink-0 font-mono text-xs text-muted-foreground\",\"children\":\"^1.0.0\"}]]}]]}]}]\n"])</script><script>self.__next_f.push([1,"2a:[\"$\",\"div\",null,{\"data-slot\":\"card\",\"className\":\"bg-card text-card-foreground flex flex-col gap-6 rounded-xl border shadow-sm py-4 lg:col-span-2\",\"children\":[[\"$\",\"div\",null,{\"data-slot\":\"card-header\",\"className\":\"@container/card-header grid auto-rows-min grid-rows-[auto_auto] items-start gap-2 px-6 has-data-[slot=card-action]:grid-cols-[1fr_auto] [.border-b]:pb-6 pb-2\",\"children\":[\"$\",\"div\",null,{\"data-slot\":\"card-title\",\"className\":\"font-semibold flex items-center gap-2 text-base\",\"children\":[[\"$\",\"svg\",null,{\"ref\":\"$undefined\",\"xmlns\":\"http://www.w3.org/2000/svg\",\"width\":24,\"height\":24,\"viewBox\":\"0 0 24 24\",\"fill\":\"none\",\"stroke\":\"currentColor\",\"strokeWidth\":2,\"strokeLinecap\":\"round\",\"strokeLinejoin\":\"round\",\"className\":\"lucide lucide-wrench h-4 w-4\",\"children\":[[\"$\",\"path\",\"cbrjhi\",{\"d\":\"M14.7 6.3a1 1 0 0 0 0 1.4l1.6 1.6a1 1 0 0 0 1.4 0l3.77-3.77a6 6 0 0 1-7.94 7.94l-6.91 6.91a2.12 2.12 0 0 1-3-3l6.91-6.91a6 6 0 0 1 7.94-7.94l-3.76 3.76z\"}],\"$undefined\"]}],\"Dev Dependencies\",[\"$\",\"span\",null,{\"data-slot\":\"badge\",\"className\":\"inline-flex items-center justify-center rounded-md border px-2 py-0.5 font-medium w-fit whitespace-nowrap shrink-0 [\u0026\u003esvg]:size-3 gap-1 [\u0026\u003esvg]:pointer-events-none focus-visible:border-ring focus-visible:ring-ring/50 focus-visible:ring-[3px] aria-invalid:ring-destructive/20 dark:aria-invalid:ring-destructive/40 aria-invalid:border-destructive transition-[color,box-shadow] overflow-hidden border-transparent bg-secondary text-secondary-foreground [a\u0026]:hover:bg-secondary/90 ml-auto text-xs\",\"children\":10}]]}]}],[\"$\",\"div\",null,{\"data-slot\":\"card-content\",\"className\":\"px-6\",\"children\":[\"$\",\"div\",null,{\"className\":\"grid gap-1 sm:grid-cols-2 lg:grid-cols-3\",\"children\":[[\"$\",\"$L5\",\"@types/dompurify\",{\"href\":\"/package/%40types%2Fdompurify\",\"className\":\"group flex items-center justify-between rounded-md px-2 py-1.5 text-sm transition-colors hover:bg-accent\",\"children\":[[\"$\",\"span\",null,{\"className\":\"flex items-center gap-1.5 truncate font-mono text-foreground\",\"children\":[[\"$\",\"svg\",null,{\"ref\":\"$undefined\",\"xmlns\":\"http://www.w3.org/2000/svg\",\"width\":24,\"height\":24,\"viewBox\":\"0 0 24 24\",\"fill\":\"none\",\"stroke\":\"currentColor\",\"strokeWidth\":2,\"strokeLinecap\":\"round\",\"strokeLinejoin\":\"round\",\"className\":\"lucide lucide-chevron-right h-3 w-3 text-muted-foreground opacity-0 transition-opacity group-hover:opacity-100\",\"children\":[[\"$\",\"path\",\"mthhwq\",{\"d\":\"m9 18 6-6-6-6\"}],\"$undefined\"]}],\"@types/dompurify\"]}],[\"$\",\"span\",null,{\"className\":\"ml-2 shrink-0 font-mono text-xs text-muted-foreground\",\"children\":\"^3.0.5\"}]]}],[\"$\",\"$L5\",\"@types/jest\",{\"href\":\"/package/%40types%2Fjest\",\"className\":\"group flex items-center justify-between rounded-md px-2 py-1.5 text-sm transition-colors hover:bg-accent\",\"children\":[[\"$\",\"span\",null,{\"className\":\"flex items-center gap-1.5 truncate font-mono text-foreground\",\"children\":[[\"$\",\"svg\",null,{\"ref\":\"$undefined\",\"xmlns\":\"http://www.w3.org/2000/svg\",\"width\":24,\"height\":24,\"viewBox\":\"0 0 24 24\",\"fill\":\"none\",\"stroke\":\"currentColor\",\"strokeWidth\":2,\"strokeLinecap\":\"round\",\"strokeLinejoin\":\"round\",\"className\":\"lucide lucide-chevron-right h-3 w-3 text-muted-foreground opacity-0 transition-opacity group-hover:opacity-100\",\"children\":[[\"$\",\"path\",\"mthhwq\",{\"d\":\"m9 18 6-6-6-6\"}],\"$undefined\"]}],\"@types/jest\"]}],[\"$\",\"span\",null,{\"className\":\"ml-2 shrink-0 font-mono text-xs text-muted-foreground\",\"children\":\"^29.5.0\"}]]}],[\"$\",\"$L5\",\"@types/jsdom\",{\"href\":\"/package/%40types%2Fjsdom\",\"className\":\"group flex items-center justify-between rounded-md px-2 py-1.5 text-sm transition-colors hover:bg-accent\",\"children\":[[\"$\",\"span\",null,{\"className\":\"flex items-center gap-1.5 truncate font-mono text-foreground\",\"children\":[[\"$\",\"svg\",null,{\"ref\":\"$undefined\",\"xmlns\":\"http://www.w3.org/2000/svg\",\"width\":24,\"height\":24,\"viewBox\":\"0 0 24 24\",\"fill\":\"none\",\"stroke\":\"currentColor\",\"strokeWidth\":2,\"strokeLinecap\":\"round\",\"strokeLinejoin\":\"round\",\"className\":\"lucide lucide-chevron-right h-3 w-3 text-muted-foreground opacity-0 transition-opacity group-hover:opacity-100\",\"children\":[\"$L2c\",\"$undefined\"]}],\"@types/jsdom\"]}],\"$L2d\"]}],\"$L2e\",\"$L2f\",\"$L30\",\"$L31\",\"$L32\",\"$L33\",\"$L34\"]}]}]]}]\n"])</script><script>self.__next_f.push([1,"2c:[\"$\",\"path\",\"mthhwq\",{\"d\":\"m9 18 6-6-6-6\"}]\n2d:[\"$\",\"span\",null,{\"className\":\"ml-2 shrink-0 font-mono text-xs text-muted-foreground\",\"children\":\"^21.1.7\"}]\n2e:[\"$\",\"$L5\",\"@types/node\",{\"href\":\"/package/%40types%2Fnode\",\"className\":\"group flex items-center justify-between rounded-md px-2 py-1.5 text-sm transition-colors hover:bg-accent\",\"children\":[[\"$\",\"span\",null,{\"className\":\"flex items-center gap-1.5 truncate font-mono text-foreground\",\"children\":[[\"$\",\"svg\",null,{\"ref\":\"$undefined\",\"xmlns\":\"http://www.w3.org/2000/svg\",\"width\":24,\"height\":24,\"viewBox\":\"0 0 24 24\",\"fill\":\"none\",\"stroke\":\"currentColor\",\"strokeWidth\":2,\"strokeLinecap\":\"round\",\"strokeLinejoin\":\"round\",\"className\":\"lucide lucide-chevron-right h-3 w-3 text-muted-foreground opacity-0 transition-opacity group-hover:opacity-100\",\"children\":[[\"$\",\"path\",\"mthhwq\",{\"d\":\"m9 18 6-6-6-6\"}],\"$undefined\"]}],\"@types/node\"]}],[\"$\",\"span\",null,{\"className\":\"ml-2 shrink-0 font-mono text-xs text-muted-foreground\",\"children\":\"^20.0.0\"}]]}]\n2f:[\"$\",\"$L5\",\"@typescript-eslint/eslint-plugin\",{\"href\":\"/package/%40typescript-eslint%2Feslint-plugin\",\"className\":\"group flex items-center justify-between rounded-md px-2 py-1.5 text-sm transition-colors hover:bg-accent\",\"children\":[[\"$\",\"span\",null,{\"className\":\"flex items-center gap-1.5 truncate font-mono text-foreground\",\"children\":[[\"$\",\"svg\",null,{\"ref\":\"$undefined\",\"xmlns\":\"http://www.w3.org/2000/svg\",\"width\":24,\"height\":24,\"viewBox\":\"0 0 24 24\",\"fill\":\"none\",\"stroke\":\"currentColor\",\"strokeWidth\":2,\"strokeLinecap\":\"round\",\"strokeLinejoin\":\"round\",\"className\":\"lucide lucide-chevron-right h-3 w-3 text-muted-foreground opacity-0 transition-opacity group-hover:opacity-100\",\"children\":[[\"$\",\"path\",\"mthhwq\",{\"d\":\"m9 18 6-6-6-6\"}],\"$undefined\"]}],\"@typescript-eslint/eslint-plugin\"]}],[\"$\",\"span\",null,{\"className\":\"ml-2 shrink-0 font-mono text-xs text-muted-foreground\",\"children\":\"^6.0.0\"}]]}]\n30:[\"$\",\"$L5\",\"@typescript-eslint/parser\",{\"href\":\"/package/%40typescript-eslint%2Fparser\",\"className\":\"group flex items-center justify-between rounded-md px-2 py-1.5 text-sm transition-colors hover:bg-accent\",\"children\":[[\"$\",\"span\",null,{\"className\":\"flex items-center gap-1.5 truncate font-mono text-foreground\",\"children\":[[\"$\",\"svg\",null,{\"ref\":\"$undefined\",\"xmlns\":\"http://www.w3.org/2000/svg\",\"width\":24,\"height\":24,\"viewBox\":\"0 0 24 24\",\"fill\":\"none\",\"stroke\":\"currentColor\",\"strokeWidth\":2,\"strokeLinecap\":\"round\",\"strokeLinejoin\":\"round\",\"className\":\"lucide lucide-chevron-right h-3 w-3 text-muted-foreground opacity-0 transition-opacity group-hover:opacity-100\",\"children\":[[\"$\",\"path\",\"mthhwq\",{\"d\":\"m9 18 6-6-6-6\"}],\"$undefined\"]}],\"@typescript-eslint/parser\"]}],[\"$\",\"span\",null,{\"className\":\"ml-2 shrink-0 font-mono text-xs text-muted-foreground\",\"children\":\"^6.0.0\"}]]}]\n31:[\"$\",\"$L5\",\"eslint\",{\"href\":\"/package/eslint\",\"className\":\"group flex items-center justify-between rounded-md px-2 py-1.5 text-sm transition-colors hover:bg-accent\",\"children\":[[\"$\",\"span\",null,{\"className\":\"flex items-center gap-1.5 truncate font-mono text-foreground\",\"children\":[[\"$\",\"svg\",null,{\"ref\":\"$undefined\",\"xmlns\":\"http://www.w3.org/2000/svg\",\"width\":24,\"height\":24,\"viewBox\":\"0 0 24 24\",\"fill\":\"none\",\"stroke\":\"currentColor\",\"strokeWidth\":2,\"strokeLinecap\":\"round\",\"strokeLinejoin\":\"round\",\"className\":\"lucide lucide-chevron-right h-3 w-3 text-muted-foreground opacity-0 transition-opacity group-hover:opacity-100\",\"children\":[[\"$\",\"path\",\"mthhwq\",{\"d\":\"m9 18 6-6-6-6\"}],\"$undefined\"]}],\"eslint\"]}],[\"$\",\"span\",null,{\"className\":\"ml-2 shrink-0 font-mono text-xs text-muted-foreground\",\"children\":\"^8.50.0\"}]]}]\n32:[\"$\",\"$L5\",\"jest\",{\"href\":\"/package/jest\",\"className\":\"group flex items-center justify-between rounded-md px-2 py-1.5 text-sm transition-colors hover:bg-accent\",\"children\":[[\"$\",\"span\",null,{\"className\":\"flex items-center gap-1.5 truncate font-mono text-foreground\",\"children\":[[\"$\",\"svg\",null,{\"ref\":\"$undefined\",\"xmlns\":\"http://www.w3.org/2000/svg\",\"width\":24,\"height\":24,\"viewBox\":\"0 0 24 24\",\"fill\":\"none\",\"stroke\":\"currentColor\",\"strokeWidth\":2,\"strokeLinecap\":"])</script><script>self.__next_f.push([1,"\"round\",\"strokeLinejoin\":\"round\",\"className\":\"lucide lucide-chevron-right h-3 w-3 text-muted-foreground opacity-0 transition-opacity group-hover:opacity-100\",\"children\":[[\"$\",\"path\",\"mthhwq\",{\"d\":\"m9 18 6-6-6-6\"}],\"$undefined\"]}],\"jest\"]}],[\"$\",\"span\",null,{\"className\":\"ml-2 shrink-0 font-mono text-xs text-muted-foreground\",\"children\":\"^29.5.0\"}]]}]\n33:[\"$\",\"$L5\",\"ts-jest\",{\"href\":\"/package/ts-jest\",\"className\":\"group flex items-center justify-between rounded-md px-2 py-1.5 text-sm transition-colors hover:bg-accent\",\"children\":[[\"$\",\"span\",null,{\"className\":\"flex items-center gap-1.5 truncate font-mono text-foreground\",\"children\":[[\"$\",\"svg\",null,{\"ref\":\"$undefined\",\"xmlns\":\"http://www.w3.org/2000/svg\",\"width\":24,\"height\":24,\"viewBox\":\"0 0 24 24\",\"fill\":\"none\",\"stroke\":\"currentColor\",\"strokeWidth\":2,\"strokeLinecap\":\"round\",\"strokeLinejoin\":\"round\",\"className\":\"lucide lucide-chevron-right h-3 w-3 text-muted-foreground opacity-0 transition-opacity group-hover:opacity-100\",\"children\":[[\"$\",\"path\",\"mthhwq\",{\"d\":\"m9 18 6-6-6-6\"}],\"$undefined\"]}],\"ts-jest\"]}],[\"$\",\"span\",null,{\"className\":\"ml-2 shrink-0 font-mono text-xs text-muted-foreground\",\"children\":\"^29.1.0\"}]]}]\n34:[\"$\",\"$L5\",\"typescript\",{\"href\":\"/package/typescript\",\"className\":\"group flex items-center justify-between rounded-md px-2 py-1.5 text-sm transition-colors hover:bg-accent\",\"children\":[[\"$\",\"span\",null,{\"className\":\"flex items-center gap-1.5 truncate font-mono text-foreground\",\"children\":[[\"$\",\"svg\",null,{\"ref\":\"$undefined\",\"xmlns\":\"http://www.w3.org/2000/svg\",\"width\":24,\"height\":24,\"viewBox\":\"0 0 24 24\",\"fill\":\"none\",\"stroke\":\"currentColor\",\"strokeWidth\":2,\"strokeLinecap\":\"round\",\"strokeLinejoin\":\"round\",\"className\":\"lucide lucide-chevron-right h-3 w-3 text-muted-foreground opacity-0 transition-opacity group-hover:opacity-100\",\"children\":[[\"$\",\"path\",\"mthhwq\",{\"d\":\"m9 18 6-6-6-6\"}],\"$undefined\"]}],\"typescript\"]}],[\"$\",\"span\",null,{\"className\":\"ml-2 shrink-0 font-mono text-xs text-muted-foreground\",\"children\":\"^5.0.0\"}]]}]\n"])</script><div hidden id="S:3"><div data-state="inactive" data-orientation="horizontal" role="tabpanel" aria-labelledby="radix-_R_aav5ubrb_-trigger-dependencies" hidden="" id="radix-_R_aav5ubrb_-content-dependencies" tabindex="0" data-slot="tabs-content" class="flex-1 outline-none mt-6"></div></div><script>$RS=function(a,b){a=document.getElementById(a);b=document.getElementById(b);for(a.parentNode.removeChild(a);a.firstChild;)b.parentNode.insertBefore(a.firstChild,b);b.parentNode.removeChild(b)};$RS("S:3","P:3")</script><div hidden id="S:4"><div data-state="inactive" data-orientation="horizontal" role="tabpanel" aria-labelledby="radix-_R_aav5ubrb_-trigger-versions" hidden="" id="radix-_R_aav5ubrb_-content-versions" tabindex="0" data-slot="tabs-content" class="flex-1 outline-none mt-6"></div></div><script>$RS("S:4","P:4")</script><script>$RC("B:1","S:1")</script></body></html>