changemaker.lite/api/src/utils/escapeHtml.ts


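/**
 * Escape the five HTML-significant characters (`&`, `<`, `>`, `"`, `'`) so that
 * untrusted text can be placed in HTML element content or inside a quoted
 * attribute value without being parsed as markup.
 *
 * This encoding is only correct for those two contexts. It does not make a
 * value safe inside an unquoted attribute, a URL attribute (`href`, `src`),
 * an inline `<script>` or `<style>` block, or an event-handler attribute;
 * those need context-specific encoding or validation.
 *
 * @param unsafe - Text that may contain markup characters.
 * @returns The input with each special character replaced by its entity.
 */
export function escapeHtml(unsafe: string): string {
  return unsafe
    // The ampersand must be encoded, and encoded first: otherwise input such as
    // "&lt;" passes through unchanged and is indistinguishable from an escaped
    // "<", and the entities produced below would be escaped a second time.
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#039;');
}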