/**
 * Shared utility functions for vanilla components.
 */
/**
 * Escape HTML special characters for safe DOM insertion.
 * Uses string replacement for better performance than DOM-based approach.
 */
export declare function escapeHtml(str: string): string;
/**
 * Sanitize URL for use in href attribute.
 * Blocks dangerous protocols (javascript:, data:, vbscript:) while allowing
 * relative paths, http/https URLs, and tel/mailto links.
 * Does NOT escape HTML entities - use escapeHtml() on the result when inserting into HTML.
 */
export declare function sanitizeUrl(url: string): string;