/**
 * Simple Whitelist-based HTML Sanitizer
 * Protects against XSS by stripping disallowed tags and attributes.
 */
class Sanitizer {
  // F-009 Security: Removed most form elements (textarea, input, label, select, option)
  // to prevent phishing via user-generated content. 'button' is allowed because our own
  // UI injects