/**
 * @copyright 2026 NHCarrigan
 * @license Naomi's Public License
 * @author Naomi Carrigan
 */
import { Injectable, SecurityContext, inject } from '@angular/core';
import { DomSanitizer, SafeHtml } from '@angular/platform-browser';

/**
 * Service for sanitizing HTML content on the frontend.
 *
 * Provides defence-in-depth XSS protection alongside backend sanitization:
 * markup that was already cleaned server-side is run through Angular's own
 * HTML sanitizer a second time before it reaches a template.
 */
@Injectable({ providedIn: 'root' })
export class SanitizeService {
  private readonly sanitizer = inject(DomSanitizer);

  /**
   * Sanitizes HTML content for safe rendering.
   *
   * The input is passed through Angular's HTML sanitizer
   * (`SecurityContext.HTML`); only the *cleaned* result is then wrapped as
   * `SafeHtml`, so an `[innerHTML]` binding will not sanitize it again.
   * The trust marker applies solely to the string produced by `sanitize()` —
   * raw or concatenated markup must never be handed to
   * `bypassSecurityTrustHtml` directly, or this second layer is lost.
   *
   * @param html - Untrusted HTML markup (for example user-authored content).
   * @returns The sanitized markup as `SafeHtml`; an empty string is wrapped
   *   instead when the sanitizer yields `null`.
   */
  sanitizeHtml(html: string): SafeHtml {
    const cleaned = this.sanitizer.sanitize(SecurityContext.HTML, html) ?? '';
    return this.sanitizer.bypassSecurityTrustHtml(cleaned);
  }
}