**Enhanced Visual Mode:**
- Add paste event handler that preserves HTML formatting when pasting
- Integrate with shared sanitization configuration for consistent filtering
- Preload sanitization config for optimal performance
- Support for bold, italic, and other basic formatting in visual mode
**Updated Sanitization Config:**
- Add more useful HTML tags: kbd, samp, var, details, summary, colgroup, col
- Add attributes for better table support: start, type for ol
- Add style attributes for more elements: table, ul, ol, li, blockquote, pre, code
- Maintain security while allowing richer content formatting
**User Experience:**
- Users can now paste formatted content (bold, italic, lists, etc.) in visual mode
- Content is automatically sanitized using backend configuration
- Updated help text to reflect new capabilities
- Maintains backward compatibility with plain text input
**Technical Improvements:**
- Async clipboard API support with fallbacks
- Error handling for paste operations
- Consistent sanitization between manual input and paste operations
Resolves issue where pasted formatted content was stripped to plain text in visual mode.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
**Backend Changes:**
- Add html-sanitization-config.json with allowedTags, allowedAttributes, and allowedCssProperties
- Create HtmlSanitizationConfigDto for configuration data transfer
- Update HtmlSanitizationService to load configuration from JSON file with fallback
- Add HtmlSanitizationController with public API endpoint at /api/config/html-sanitization
- Update SecurityConfig to allow public access to /api/config/** endpoints
**Frontend Changes:**
- Add configApi.getHtmlSanitizationConfig() to fetch backend configuration
- Create sanitization.ts utility with sanitizeHtml() and sanitizeHtmlSync() functions
- Update story reading page to use shared sanitization configuration
- Add preloadSanitizationConfig() for early configuration loading
- Handle TrustedHTML type conversion and DOMPurify config compatibility
**Benefits:**
- Consistent HTML sanitization rules between frontend and backend
- Centralized configuration in JSON file for easy maintenance
- Automatic fallback to safe defaults if configuration loading fails
- API-driven approach allows runtime configuration updates
- Maintains security while providing flexibility for content formatting
Resolves HTML sanitization inconsistencies and provides foundation for configurable content safety rules.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
