Centralized HTML/XML escaping utilities for the generation
layer. Wraps the existing escapeHTML from utils/file-utils.ts and
escapeXML from sitemap/xml-utils.ts with branded-type producers so
downstream code can prove at compile-time that a string has been
sanitized before interpolation.
This module is the single gateway for creating branded
SafeHtmlString and SafeXmlString values. Template code
should accept only these types — never raw string — to prevent XSS.
Description
Centralized HTML/XML escaping utilities for the generation layer. Wraps the existing
escapeHTMLfromutils/file-utils.tsandescapeXMLfromsitemap/xml-utils.tswith branded-type producers so downstream code can prove at compile-time that a string has been sanitized before interpolation.This module is the single gateway for creating branded SafeHtmlString and SafeXmlString values. Template code should accept only these types — never raw
string— to prevent XSS.