feat: security and auditing

apps/frontend/src/app/services/sanitize.service.ts

@@ -0,0 +1,28 @@
+/**
+ * @copyright 2026 NHCarrigan
+ * @license Naomi's Public License
+ * @author Naomi Carrigan
+ */
+
+import { Injectable, SecurityContext, inject } from '@angular/core';
+import { DomSanitizer, SafeHtml } from '@angular/platform-browser';
+
+/**
+ * Service for sanitizing HTML content on the frontend.
+ * Provides defence-in-depth XSS protection alongside backend sanitization.
+ */
+@Injectable({
+  providedIn: 'root'
+})
+export class SanitizeService {
+  private sanitizer = inject(DomSanitizer);
+
+  /**
+   * Sanitizes HTML content for safe rendering.
+   * This provides a second layer of protection after backend sanitization.
+   */
+  sanitizeHtml(html: string): SafeHtml {
+    const sanitized = this.sanitizer.sanitize(SecurityContext.HTML, html);
+    return this.sanitizer.bypassSecurityTrustHtml(sanitized ?? '');
+  }
+}