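import DOMPurify from "dompurify";

/** Characters that carry meaning in HTML text or attribute context, with their entity forms. */
const HTML_ENTITY_BY_CHAR: Readonly<Record<string, string>> = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

/**
 * Entity-encode the HTML metacharacters in `text` so that it is inert when
 * inserted into an HTML document. Single linear pass over the input.
 */
function escapeHtml(text: string): string {
  return text.replace(/[&<>"']/g, (ch) => HTML_ENTITY_BY_CHAR[ch] ?? ch);
}

/**
 * Reduce a string to markup-free text.
 *
 * In the browser, DOMPurify runs with empty `ALLOWED_TAGS` and `ALLOWED_ATTR`
 * lists, so no tag and no attribute is kept in the output.
 *
 * On the server (`window` is undefined) the DOMPurify call is not made. The
 * input is entity-encoded there instead of being returned as-is: a sanitizer
 * that passes its input through unchanged fails open, and any server-rendered
 * page that inserts the result as HTML would carry the raw markup.
 *
 * NOTE(review): the two paths can produce different strings for the same
 * input (the server path shows markup as literal text, the browser path drops
 * it). If the result is rendered on both sides, confirm that callers tolerate
 * the difference, or supply DOMPurify with a server-side DOM so both paths
 * run the same sanitizer.
 *
 * @param dirty - Untrusted string that may contain HTML.
 * @returns A string with no active markup.
 */
export function sanitizeHtml(dirty: string): string {
  // Fail closed when no DOM is available.
  if (typeof window === "undefined") {
    return escapeHtml(dirty);
  }

  return DOMPurify.sanitize(dirty, { ALLOWED_TAGS: [], ALLOWED_ATTR: [] });
}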