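import DOMPurify from 'isomorphic-dompurify';

/**
 * Sanitizes untrusted HTML down to a small allow-list of text-formatting tags.
 *
 * Only `b`, `i`, `em`, `strong`, `br`, `p` and `span` are kept, and no
 * attributes are kept on them. Any other markup (scripts, iframes,
 * event-handler attributes, ...) is removed by DOMPurify.
 *
 * The return value is HTML markup meant to be placed as element content. It is
 * not an escaped string for other contexts such as attribute values or URLs.
 *
 * @param html - Markup from an untrusted source.
 * @returns The sanitized markup.
 */
export function sanitizeHtml(html: string): string {
  return DOMPurify.sanitize(html, {
    ALLOWED_TAGS: ['b', 'i', 'em', 'strong', 'br', 'p', 'span'],
    ALLOWED_ATTR: [],
    // An empty ALLOWED_ATTR does not cover data-* and aria-* attributes:
    // DOMPurify admits those through separate switches that default to true.
    // Turn both off so the "no attributes" policy holds; data-* attributes in
    // particular can drive client-side libraries that act on them.
    ALLOW_DATA_ATTR: false,
    ALLOW_ARIA_ATTR: false,
  });
}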