portfolio/server/utils/sanitize.ts

import sanitizeHtml from 'sanitize-html'

const allowedTags = ['em', 'span']
const allowedAttributes = {
  span: ['style'],
}

export function sanitizeValue(value: unknown): unknown {
  if (typeof value === 'string') {
    return sanitizeHtml(value, { allowedTags, allowedAttributes })
  }
  if (Array.isArray(value)) {
    return value.map(sanitizeValue)
  }
  if (value && typeof value === 'object') {
    const result: Record<string, unknown> = {}
    for (const [key, val] of Object.entries(value)) {
      result[key] = sanitizeValue(val)
    }
    return result
  }
  return value
}
security audit: server-side auth, path traversal fixes, rate limiting, upload safeguards 2026-05-12 12:42:07 +02:00			`import sanitizeHtml from 'sanitize-html'`

			`const allowedTags = ['em', 'span']`
			`const allowedAttributes = {`
			`span: ['style'],`
			`}`

			`export function sanitizeValue(value: unknown): unknown {`
			`if (typeof value === 'string') {`
			`return sanitizeHtml(value, { allowedTags, allowedAttributes })`
			`}`
			`if (Array.isArray(value)) {`
			`return value.map(sanitizeValue)`
			`}`
			`if (value && typeof value === 'object') {`
			`const result: Record<string, unknown> = {}`
			`for (const [key, val] of Object.entries(value)) {`
			`result[key] = sanitizeValue(val)`
			`}`
			`return result`
			`}`
			`return value`
			`}`