From 3dbfa25e82b91de18e75118c8dff95a21fb49f68 Mon Sep 17 00:00:00 2001
From: NKoelblen
Date: Tue, 5 May 2026 13:02:02 +0200
Subject: [PATCH] fix: replace validator escape with sanitizeHtml in sanitizeString function
Co-authored-by: Copilot
---
 src/utils/stringUtils.ts | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/src/utils/stringUtils.ts b/src/utils/stringUtils.ts
index 4b2c332..be8bbf7 100644
--- a/src/utils/stringUtils.ts
+++ b/src/utils/stringUtils.ts
@@ -1,4 +1,3 @@
-import validator from "validator";
 import sanitizeHtml from "sanitize-html";
 /**
@@ -30,10 +29,17 @@ export function sanitizeString(
 str: string,
 options?: { preserveEntities?: boolean },
 ): string {
- const trimmed = str.trim();
+ const trimmed = str.trim().normalize("NFC");
+
+ const sanitizePlainText = (value: string): string =>
+ sanitizeHtml(value, {
+ allowedTags: [],
+ allowedAttributes: {},
+ disallowedTagsMode: "discard",
+ });
 if (!options?.preserveEntities) {
- return validator.escape(trimmed);
+ return sanitizePlainText(trimmed);
 }
 const preservedEntities = ["­", "​", " "];
@@ -47,7 +53,7 @@ export function sanitizeString(
 placeholders.set(token, entity);
 });
- let escaped = validator.escape(protectedValue);
+ let escaped = sanitizePlainText(protectedValue);
 placeholders.forEach((entity, token) => {
 escaped = escaped.replaceAll(token, entity);
 });
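Review bot: In the second hunk, `sanitizePlainText` strips tags but, as far as I can tell from how sanitize-html emits text nodes, leaves `"` and `'` unencoded, whereas the removed `validator.escape` encoded both; any caller that places the result of `sanitizeString` inside a quoted HTML attribute loses the protection it had before. The same helper replaces the escape call in the third hunk (`let escaped = sanitizePlainText(protectedValue);`), so the `preserveEntities` path is affected as well. If callers only ever render the value as element text, say so in the function's doc comment, e.g. `@returns text with all markup removed; safe as HTML text content only, not inside attribute values, URLs or scripts`; otherwise keep quote encoding after stripping with `.replace(/"/g, "&quot;").replace(/'/g, "&#39;")`. Tag stripping is also lossy for plain text that merely resembles markup (for example `a <b and c> d`), and the patch adds no test that pins the new output. The body of `sanitizeString` continues outside both hunks, so the placeholder tokens and the existing doc comment are not visible here.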