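/**
 * Escapes the five HTML-significant characters so a value can be placed in
 * HTML text or inside a quoted attribute value.
 *
 * This is not sufficient for other contexts (unquoted attributes, inline
 * script or style, or URL schemes); use {@link sanitizeUrl} for link targets.
 *
 * @param str - Value to escape; `undefined` and `null` become the empty string.
 * @returns The escaped string.
 */
export function escapeHtml(str: string | undefined | null): string {
  if (str === undefined || str === null) return "";
  // The ampersand must be replaced first, otherwise the entities produced by
  // the later replacements would themselves be escaped again.
  return String(str)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Schemes that can run script or carry inline content when used as a link target.
// NOTE(review): this is a blocklist; an allowlist (e.g. http, https, mailto) is
// the stricter design if callers do not need other schemes.
const BLOCKED_URL_SCHEMES = ["javascript:", "data:", "vbscript:"] as const;

/**
 * Rejects URLs with a script-capable or inline-content scheme and HTML-escapes
 * everything else.
 *
 * @param url - Candidate URL; empty, `undefined` and `null` yield "".
 * @returns "" when the URL is missing or uses a blocked scheme, otherwise the
 *   trimmed URL passed through {@link escapeHtml}.
 */
export function sanitizeUrl(url: string | undefined | null): string {
  if (!url) return "";
  const trimmed = url.trim();
  // URL parsers ignore tabs, newlines and leading control characters, so the
  // scheme comparison runs on a copy with control characters and spaces removed.
  // Checking only the raw prefix would let such a value through unchanged.
  const schemeProbe = trimmed.replace(/[\u0000-\u0020]/g, "").toLowerCase();
  if (BLOCKED_URL_SCHEMES.some((scheme) => schemeProbe.startsWith(scheme))) {
    return "";
  }
  return escapeHtml(trimmed);
}

/**
 * Sanitizes every value of a flat template-data object.
 *
 * Values whose key contains "linkedin", "website", "url" or "href"
 * (case-insensitive substring match) go through {@link sanitizeUrl}; all other
 * values go through {@link escapeHtml}. Either way the result is HTML-escaped.
 *
 * NOTE(review): the generic arguments of `Record` are reconstructed from what
 * `escapeHtml` and `sanitizeUrl` accept; confirm against the callers.
 *
 * @param data - Key/value pairs destined for an HTML template.
 * @returns A new object with the same keys and sanitized string values.
 */
export function sanitizeTemplateData(
  data: Record<string, string | undefined | null>,
): Record<string, string> {
  const urlKeyMarkers = ["linkedin", "website", "url", "href"];
  const sanitized: Record<string, string> = {};
  for (const [key, value] of Object.entries(data)) {
    const lowerKey = key.toLowerCase();
    const isUrlField = urlKeyMarkers.some((marker) => lowerKey.includes(marker));
    sanitized[key] = isUrlField ? sanitizeUrl(value) : escapeHtml(value);
  }
  return sanitized;
}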