/**
* @copyright 2026 NHCarrigan
* @license Naomi's Public License
* @author Naomi Carrigan
*/
import { Injectable, SecurityContext, inject } from '@angular/core';
import { DomSanitizer, SafeHtml } from '@angular/platform-browser';
/**
 * Frontend HTML sanitization service.
 * Acts as a defence-in-depth XSS layer next to the backend's own sanitization.
 */
@Injectable({ providedIn: 'root' })
export class SanitizeService {
  private readonly sanitizer = inject(DomSanitizer);

  /**
   * Runs the given markup through Angular's HTML sanitizer and returns the
   * result wrapped as SafeHtml.
   *
   * This is a second layer of protection after backend sanitization.
   *
   * Security note: bypassSecurityTrustHtml marks its argument as trusted, so
   * Angular does not sanitize the returned value again when it is bound into
   * a template. Only the sanitizer's output may be handed to that call; the
   * raw `html` argument must never reach it.
   *
   * @param html - Markup to sanitize.
   * @returns The sanitized markup as SafeHtml; an empty string is wrapped
   *   when the sanitizer returns null.
   */
  sanitizeHtml(html: string): SafeHtml {
    // Step 1: strip anything Angular's HTML security context does not allow.
    const cleaned = this.sanitizer.sanitize(SecurityContext.HTML, html);
    const markup = cleaned ?? '';
    // Step 2: wrap the cleaned string (never the raw input) as trusted.
    return this.sanitizer.bypassSecurityTrustHtml(markup);
  }
}