Best practice to validate input on server (restrict allowed nodes)

[only-issues]

Hi, I’m using Lexical with a Node.js/TypeScript backend.

I want to validate the editor’s content on the server to avoid dirty input or malicious nodes. Basically, I only want to allow a specific set of nodes (e.g. Paragraph, Text, Link) and reject/clean anything else before saving.

What’s the recommended way to safely validate or sanitize Lexical’s JSON output on the server side? Is there a built-in helper for this, or do I need to manually traverse the editor state and whitelist nodes?

Thanks!

[etrepum]

Use a headless lexical editor to parse the content with node transforms to enforce any constraints.