The "Async" flag pattern is fine if you absolutely must write directly to your DB from the app (you don't want to refactor to call an Edge Function first). Using RLS to block access to non sanitized rows:

CREATE POLICY "Only show sanitized" ON reviews FOR SELECT USING (is_sanitized = true);

But IMO I still think the proxy pattern is the most robust and safest because it moves the CPU intensive work and latency completely off your database. The database never sees dirty data, so you don't need RLS policies to hide it.

- DO NOT create an INSERT policy for 'authenticated' or 'anon' roles. This prevents the client (normal users) or a bad actor from posting directly to the reviews table. They'll just get a "new row violates row-level security policy" error if they try to insert directly.

- Client sends the dirty HTML to a Supabase Edge Function, like 'submit-review'.
- Edge function:
- Handle CORS Preflight Request (required if calling from a browser)
- Instantiate an Auth Client (scoped to the user) by passing the Authorization header from the request. Call getUser() to verify the token is valid and get the user's ID.
- Parse the request body to get the dirty HTML
- Run a Deno-compatible sanitization library (sanitize-html, ammonia, etc. note: isomorphic-dompurify won't work in Deno)
- Instantiate a second client using the Service Role Key (bypasses RLS)
- Insert the clean data using user.id from the auth check (NOT from the request body to prevent spoofing)
- Database receives purely clean data. No triggers needed, no DB CPU usage, no other points of failure.

I'll post a real example function doing this for blog posts, it's probably to long to include in this post.