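/**
 * Security constants and safe lists.
 *
 * This file contains ambient declarations only; the concrete members of each
 * list live in the implementation module and are not visible here.
 *
 * NOTE(review): every collection below is exported as a mutable `Set` or
 * array. If the sanitizer reads them at call time, any module that imports
 * them can widen the policy for the whole page - confirm against the
 * implementation and treat these exports as read-only.
 *
 * @module bquery/security
 */

/**
 * Trusted Types policy name.
 *
 * When a CSP `trusted-types` directive is enforced, this name has to appear
 * in the directive's allow-list, otherwise the browser rejects creation of
 * the policy.
 */
export declare const POLICY_NAME = "bquery-sanitizer";

/**
 * Default allowed HTML tags considered safe.
 * Tag names are plain strings.
 */
export declare const DEFAULT_ALLOWED_TAGS: Set<string>;

/**
 * Explicitly dangerous tags that should never be allowed.
 * These are checked even if somehow added to allowTags, i.e. this deny-list
 * is meant to take precedence over any caller-supplied allow-list.
 */
export declare const DANGEROUS_TAGS: Set<string>;

/**
 * Reserved IDs that could cause DOM clobbering attacks.
 * These are prevented to avoid overwriting global browser objects.
 *
 * NOTE(review): named element access can also be triggered through the
 * `name` attribute on some elements - confirm the sanitizer applies this
 * list to `name` as well as `id`.
 */
export declare const RESERVED_IDS: Set<string>;

/**
 * Default allowed attributes considered safe.
 * Note: 'style' is excluded by default because inline CSS can be abused for:
 * - UI redressing attacks
 * - Data exfiltration via url() in CSS
 * - CSS injection vectors
 * If you need to allow inline styles, add 'style' to allowAttributes in your
 * sanitizeHtml options, but ensure you implement proper CSS value validation.
 */
export declare const DEFAULT_ALLOWED_ATTRIBUTES: Set<string>;

/**
 * Dangerous attribute prefixes to always remove.
 *
 * NOTE(review): presumably matched against the start of each attribute name;
 * verify the comparison is done on a lower-cased name so mixed-case
 * spellings cannot slip past the prefix check.
 */
export declare const DANGEROUS_ATTR_PREFIXES: string[];

/**
 * Dangerous URL protocols to block.
 *
 * NOTE(review): this is a deny-list. Verify that URL values are normalised
 * (case-folded, with whitespace and control characters stripped) before the
 * scheme is compared, and consider an allow-list of schemes for URL-bearing
 * attributes as the stricter default.
 */
export declare const DANGEROUS_PROTOCOLS: string[];
//# sourceMappingURL=constants.d.ts.map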