feat: add data URL validation

api/src/app/utils/validation.ts

@@ -4,6 +4,13 @@
  * @author Naomi Carrigan
  */
 
+/**
+ * Validates that a URL is a proper base64 data string.
+ */
+export function validateDataUrl(url: string): boolean {
+  return /^data:image\/(jpeg|png|gif|webp|svg\+xml);base64,[A-Za-z0-9+/=]+$/.test(url);
+}
+
 /**
  * Validates that a URL is safe and points to an allowed protocol.
  * Prevents javascript:, data:, vbscript:, and file: URLs.
@@ -83,4 +90,5 @@ export const MAX_LENGTHS = {
   NOTES: 5000,
   TAGS: 50, // per tag
   ISBN: 50,
+  DATA_URL: 5 * 1024 * 1024, // 5MB in bytes (not chars)
 } as const;