/** Maximum number of characters kept from the trimmed input before filtering. */
const MAX_LENGTH = 50;

/**
 * Normalise a user-supplied discount code to a restricted character set.
 *
 * Processing order:
 * 1. Anything that is not a string (including `null` and `undefined`) yields `''`.
 * 2. Leading and trailing whitespace is trimmed.
 * 3. The trimmed text is cut to its first `MAX_LENGTH` characters.
 * 4. Every character outside `a-z`, `A-Z`, `0-9`, `_` and `-` is removed.
 *
 * Truncation runs before filtering, so the length cap applies to the raw
 * (trimmed) input: valid characters that sit beyond position `MAX_LENGTH`
 * are lost even when earlier characters were stripped.
 *
 * Security notes:
 * - Disallowed characters are dropped silently rather than rejected, so
 *   distinct inputs (for example `SAVE 10` and `SAVE10`) collapse to the same
 *   code. Callers that need to detect tampering should compare the result
 *   with the original input.
 * - The allow-list narrows what reaches later layers, but it does not replace
 *   parameterised queries or context-appropriate output encoding wherever the
 *   returned value is used.
 *
 * @param input - Raw discount code as received from the caller.
 * @returns The filtered code, at most `MAX_LENGTH` characters long; `''` when
 *   the input is missing, not a string, or contains no allowed characters.
 */
export function sanitizeDiscountCode(input: string | undefined): string {
  // typeof also rejects null/undefined, which covers untyped callers.
  if (typeof input !== 'string') {
    return '';
  }

  // Bound the amount of text handled before the character filter runs.
  const bounded = input.trim().substring(0, MAX_LENGTH);

  // Allow-list: remove everything that is not alphanumeric, '_' or '-'.
  const filtered = bounded.replace(/[^a-zA-Z0-9_-]/g, '');
  return filtered;
}