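/**
 * Security Utilities for NA-Kit UI
 *
 * Provides XSS protection, HTML sanitization, Content Security Policy
 * compliance, and secure defaults for enterprise applications.
 *
 * This is an ambient declaration file (`.d.ts`): only signatures are visible
 * here, the implementations live elsewhere. Notes below that go beyond the
 * visible signatures are marked NOTE(review) and must be confirmed against
 * the implementation before being relied on.
 *
 * @module security
 */

/** Options accepted by {@link sanitizeHTML} and {@link createSafeHTML}. */
export interface SanitizeOptions {
  /** Allowed HTML tags (tag names). */
  allowedTags?: string[];
  /**
   * Allowed attributes per tag, keyed by tag name.
   *
   * The type arguments were lost in the original declaration (a bare
   * `Record`, which does not compile); `Record<string, string[]>` is the
   * natural reading of "attributes per tag" — confirm against the
   * implementation.
   */
  allowedAttributes?: Record<string, string[]>;
  /**
   * Whether to allow `data:` URIs in href/src.
   * SECURITY: `data:` URLs can carry active content (e.g. `data:text/html`);
   * keep this off unless the consumer also restricts the media type.
   */
  allowDataUrls?: boolean;
  /**
   * Whether to allow `target="_blank"`.
   * NOTE(review): links opened in a new browsing context should carry
   * `rel="noopener"` to prevent reverse tabnabbing — confirm the
   * implementation adds it when this is enabled.
   */
  allowTargetBlank?: boolean;
  /** Custom allowed URI schemes (scheme names, e.g. `https`, `mailto`). */
  allowedSchemes?: string[];
  /** Whether to strip all HTML and return plain text. */
  stripAll?: boolean;
  /**
   * Maximum length of output.
   * NOTE(review): whether truncation happens before or after sanitization
   * matters — a cut made inside a tag or attribute could re-open markup.
   * Confirm the implementation truncates the already-sanitized result.
   */
  maxLength?: number;
}

/**
 * Input to {@link generateCSP}. Each source list presumably maps onto the
 * CSP directive of the same name (`scriptSrc` → `script-src`, and so on).
 */
export interface CSPConfig {
  /** Script sources */
  scriptSrc?: string[];
  /** Style sources */
  styleSrc?: string[];
  /** Image sources */
  imgSrc?: string[];
  /** Font sources */
  fontSrc?: string[];
  /** Connect sources (fetch, XHR, WebSocket) */
  connectSrc?: string[];
  /** Frame sources */
  frameSrc?: string[];
  /** Default source */
  defaultSrc?: string[];
  /**
   * Whether to enable `'strict-dynamic'`.
   * NOTE(review): `'strict-dynamic'` is only meaningful together with
   * nonce- or hash-based script sources (see {@link generateNonce}); once it
   * is set, browsers ignore host allowlists in `script-src`.
   */
  strictDynamic?: boolean;
  /**
   * Report URI.
   * NOTE(review): `report-uri` is deprecated in favour of `report-to`;
   * confirm which directive {@link generateCSP} emits for this value.
   */
  reportUri?: string;
}

/**
 * Sanitize HTML to prevent XSS attacks.
 * Uses DOMParser for safe parsing — no eval, no innerHTML on live DOM.
 *
 * NOTE(review): DOMParser is a browser API; confirm how this behaves in
 * non-browser (SSR / Node) environments before using it on the server.
 *
 * @param html    Untrusted HTML fragment.
 * @param options Allow-lists and limits; see {@link SanitizeOptions}.
 * @returns A sanitized HTML string.
 *
 * @example
 * ```ts
 * // The original examples were garbled during extraction; the intent is
 * // that benign markup passes through unchanged, while an anchor whose
 * // href uses the `javascript:` scheme loses that href (see sanitizeURL).
 * sanitizeHTML('<p>Hello</p>');
 * sanitizeHTML('<a href="javascript:alert(1)">click</a>');
 * ```
 */
export declare function sanitizeHTML(html: string, options?: SanitizeOptions): string;

/**
 * Sanitize a URL to prevent javascript: and other dangerous schemes.
 *
 * @param url            Untrusted URL.
 * @param allowDataUrls  Whether `data:` URIs are accepted (see the caveat on
 *                       {@link SanitizeOptions.allowDataUrls}).
 * @param allowedSchemes Scheme allow-list overriding the default.
 * @returns The sanitized URL, or `null` — presumably when the URL is
 *          rejected. Callers must handle `null` and must never fall back to
 *          the raw input.
 */
export declare function sanitizeURL(url: string, allowDataUrls?: boolean, allowedSchemes?: string[]): string | null;

/**
 * Sanitize inline CSS styles.
 *
 * NOTE(review): inline CSS is an XSS / exfiltration vector via `url()`,
 * `expression()` and `@import`; confirm the implementation rejects these
 * rather than only normalizing syntax.
 *
 * @param style Untrusted `style` attribute value.
 * @returns The sanitized style string.
 */
export declare function sanitizeStyle(style: string): string;

/**
 * Escape HTML entities to prevent XSS when inserting text into HTML.
 *
 * This is output encoding for the HTML *text* context. It is not sufficient
 * on its own for unquoted attribute values, inline script, or URL contexts,
 * which need their own encoding.
 *
 * @param text Raw text.
 * @returns Text with HTML-significant characters entity-encoded.
 */
export declare function escapeHTML(text: string): string;

/**
 * Decode HTML entities.
 *
 * SECURITY: the result is raw text. Re-escape it (e.g. with
 * {@link escapeHTML}) before inserting it back into markup; decoding and
 * re-inserting without encoding is a classic double-decode XSS.
 *
 * @param text Text containing HTML entities.
 * @returns The decoded text.
 */
export declare function decodeHTMLEntities(text: string): string;

/**
 * Escape special characters for use in a regex.
 *
 * @param str Literal text to embed in a `RegExp` source.
 * @returns `str` with regex metacharacters escaped.
 */
export declare function escapeRegExp(str: string): string;

/**
 * Sanitize user input for common attack vectors.
 *
 * NOTE(review): "common attack vectors" is unspecified here. Generic input
 * scrubbing does not replace context-specific handling (parameterized
 * queries, {@link escapeHTML} for HTML, etc.); treat this as defence in
 * depth only.
 *
 * @param input Untrusted user input.
 * @returns The sanitized input.
 */
export declare function sanitizeInput(input: string): string;

/**
 * Sanitize a filename to prevent path traversal and special characters.
 *
 * NOTE(review): a cleaned *name* is only half the control. When the result
 * is used on a filesystem, still join it to a fixed base directory and
 * verify the resolved path stays inside that directory.
 *
 * @param filename Untrusted filename.
 * @returns A filename safe to use as a single path component.
 */
export declare function sanitizeFilename(filename: string): string;

/**
 * Generate a Content Security Policy header string.
 *
 * @param config Directive sources; see {@link CSPConfig}.
 * @returns The header value (the part after `Content-Security-Policy:`).
 */
export declare function generateCSP(config: CSPConfig): string;

/**
 * Generate a nonce for inline scripts/styles.
 *
 * NOTE(review): a CSP nonce must be unpredictable (CSPRNG, e.g.
 * `crypto.getRandomValues`) and fresh for every response; a reused or
 * guessable nonce nullifies the policy. Confirm both properties in the
 * implementation. Whether `length` counts bytes or output characters is not
 * visible here.
 *
 * @param length Nonce length.
 * @returns The nonce value to place in `nonce-…` sources and `nonce` attributes.
 */
export declare function generateNonce(length?: number): string;

/**
 * Create HTML safely using Trusted Types when available.
 *
 * NOTE(review): the return type is `string`, not `TrustedHTML`, so under an
 * enforced `require-trusted-types-for 'script'` policy a sink such as
 * `innerHTML` will still reject this value unless the caller wraps it with
 * a Trusted Types policy. Confirm what "when available" means in practice.
 *
 * @param html    Untrusted HTML fragment.
 * @param options See {@link SanitizeOptions}.
 * @returns A sanitized HTML string.
 */
export declare function createSafeHTML(html: string, options?: SanitizeOptions): string;

/**
 * Simple client-side rate limiter for form submissions.
 *
 * SECURITY: this runs in the user's browser and keeps its state in memory;
 * it is a UX guard against accidental double submits, not a security
 * control. Abuse protection must be enforced server-side.
 */
export declare class RateLimiter {
  private _timestamps;
  private _maxRequests;
  private _windowMs;
  /**
   * @param maxRequests Maximum actions admitted per window.
   * @param windowMs    Window length in milliseconds.
   */
  constructor(maxRequests?: number, windowMs?: number);
  /** Check if action is allowed (does not consume a slot). */
  canProceed(): boolean;
  /** Record an action; the boolean presumably reports whether it was admitted. */
  record(): boolean;
  /** Get remaining allowed actions in the current window. */
  get remaining(): number;
  /** Reset the limiter, discarding recorded timestamps. */
  reset(): void;
}
//# sourceMappingURL=security.d.ts.map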