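import DOMPurify from "dompurify";

/**
 * Reduce a string to text by removing all HTML tags and attributes.
 *
 * In the browser this delegates to DOMPurify with empty tag and attribute
 * allow-lists. On the server (no `window`) DOMPurify is not called; a regex
 * fallback removes `<...>` sequences and then entity-encodes any angle
 * bracket that is left. The two environments are therefore not guaranteed
 * to return byte-identical output.
 *
 * The result is meant for an HTML text context. It is not an encoder for
 * attribute values, URLs, or script/style contexts.
 *
 * @param dirty - Untrusted string that may contain markup.
 * @returns The input with markup removed.
 */
export function sanitizeHtml(dirty: string): string {
  if (typeof window === "undefined") {
    // Server-side fallback: drop every complete `<...>` sequence.
    const withoutTags = dirty.replace(/<[^>]*>/g, "");
    // The pattern only matches sequences closed by `>`. A trailing `<` with
    // no `>` after it survives the strip and could be completed into a tag by
    // markup the caller places after this value. Encoding the leftover
    // brackets keeps them as inert text.
    // NOTE(review): text inside elements (e.g. script/style bodies) is kept
    // by the regex; confirm whether that matches the browser-side result.
    return withoutTags.replace(/</g, "&lt;").replace(/>/g, "&gt;");
  }
  return DOMPurify.sanitize(dirty, { ALLOWED_TAGS: [], ALLOWED_ATTR: [] });
}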