/**
 * Security utilities for safe DOM rendering.
 *
 * These helpers exist because several components build markup with
 * `innerHTML` from data that can originate outside the application
 * (search results, autocomplete responses, document metadata, user
 * queries). Centralising the escaping logic keeps every call site
 * consistent and auditable.
 *
 * This file holds declarations only. The guarantees described below are the
 * documented contract; none of them can be verified from the signatures
 * alone, so audit them against the implementation.
 */

/**
 * Escape a value for safe interpolation into HTML text or attribute
 * contexts. Always use this before placing untrusted data into
 * `innerHTML`/template strings.
 *
 * HTML escaping protects HTML text and quoted attribute values only. It
 * does not make data safe inside `<script>` or `<style>` content, inside
 * event-handler attributes, or as a URL in `href`/`src`; for URLs, run the
 * scheme check (`safeUrl`) first and escape its result.
 *
 * NOTE(review): attribute safety depends on the implementation escaping
 * both quote characters and on every call site quoting the attribute
 * value. Confirm both.
 *
 * @param value - Data to escape. Typed `unknown`; how non-string values
 *   (including `null`/`undefined`) are converted is not visible here.
 *   Confirm against the implementation.
 * @returns The escaped string.
 */
export declare function escapeHtml(value: unknown): string;

/**
 * Escape a string so it can be embedded literally inside a `RegExp`.
 * Prevents both regex-injection and catastrophic-backtracking (ReDoS)
 * when a user-supplied query is turned into a pattern.
 *
 * The protection covers only the escaped fragment: the query can no longer
 * contribute quantifiers or groups, but the pattern built around it and the
 * length of the text being searched still determine matching cost. Keep the
 * surrounding pattern simple and bound the query length at the call site.
 *
 * The result is escaped for regex syntax only. It is not HTML-escaped and
 * must not be placed into markup as-is.
 *
 * @param value - Text to be matched literally.
 * @returns `value` with regex metacharacters escaped.
 */
export declare function escapeRegExp(value: string): string;

/**
 * Validate a URL for use in `href`/`src`. Returns the original URL when
 * it uses a safe scheme (or is a relative/anchor link), otherwise
 * returns `"#"` so dangerous schemes like `javascript:` cannot execute.
 *
 * An accepted URL is returned as given, so it is not HTML-escaped: pass the
 * result through `escapeHtml` before interpolating it into an attribute in
 * an `innerHTML`/template string.
 *
 * NOTE(review): the set of accepted schemes is not visible here. Confirm
 * that it is an allow-list rather than a block-list, and that the scheme is
 * compared after normalising case and removing leading whitespace and
 * control characters, so the check agrees with how browsers parse URLs.
 *
 * @param url - Candidate URL. Typed `unknown`; presumably non-string input
 *   yields `"#"`. Confirm against the implementation.
 * @returns The original URL when accepted, otherwise `"#"`.
 */
export declare function safeUrl(url: unknown): string;

/**
 * Highlight occurrences of `query` inside `text`, returning HTML where
 * the surrounding text is fully escaped and matches are wrapped in a
 * `<mark>` element. Safe to assign to `innerHTML`.
 *
 * NOTE(review): the element name was missing from the original comment and
 * is inferred here from the `markClass` parameter. Confirm.
 *
 * NOTE(review): the contract above mentions escaping of the surrounding
 * text only. The "safe to assign to `innerHTML`" claim also requires the
 * matched text itself to be escaped and `query` to be regex-escaped before
 * matching. Confirm both in the implementation.
 *
 * @param text - Text to search; may be untrusted.
 * @param query - Term to highlight; may be untrusted.
 * @param markClass - Optional class for the wrapping element. Whether it is
 *   escaped before being written into the attribute is not visible here, so
 *   pass a trusted constant rather than external data unless the
 *   implementation is confirmed to escape it.
 * @returns An HTML string.
 */
export declare function highlightSafe(text: string, query: string, markClass?: string): string;