fix(packages): fix type errors in consolidated packages + add missing files

- credits: fix mobile import paths (./operations → ../operations) - feedback: fix createFeedbackService import (./feedback → ./api), recover missing types.ts from git history - help: add package files (were untracked after consolidation) - Update lockfile after package restructuring All packages pass tsc --noEmit (excluding expected .svelte imports). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-05-26 22:57:43 +02:00 · 2026-03-28 17:53:34 +01:00 · 2026-03-28 17:53:34 +01:00 · 5e05c532a2
commit 5e05c532a2
parent cbd19c24ed
30 changed files with 3917 additions and 6341 deletions
--- a/packages/help/src/sanitize.ts
+++ b/packages/help/src/sanitize.ts
@ -0,0 +1,53 @@
+/**
+ * HTML Sanitization
+ * Prevents XSS when rendering Markdown-generated HTML via {@html}
+ */
+
+import DOMPurify from 'isomorphic-dompurify';
+
+/**
+ * Sanitize HTML content to prevent XSS attacks.
+ * Allows safe HTML tags commonly used in help content (headings, lists, links, etc.)
+ */
+export function sanitizeHtml(html: string): string {
+	return DOMPurify.sanitize(html, {
+		ALLOWED_TAGS: [
+			'h1',
+			'h2',
+			'h3',
+			'h4',
+			'h5',
+			'h6',
+			'p',
+			'br',
+			'hr',
+			'ul',
+			'ol',
+			'li',
+			'a',
+			'strong',
+			'b',
+			'em',
+			'i',
+			'code',
+			'pre',
+			'blockquote',
+			'table',
+			'thead',
+			'tbody',
+			'tr',
+			'th',
+			'td',
+			'mark',
+			'kbd',
+			'img',
+			'span',
+			'div',
+			'dl',
+			'dt',
+			'dd',
+		],
+		ALLOWED_ATTR: ['href', 'target', 'rel', 'src', 'alt', 'title', 'class', 'id'],
+		ADD_ATTR: ['target'],
+	});
+}