From 977399a73e50fb12c90525cef2f8aa956cfd20ff Mon Sep 17 00:00:00 2001
From: contributor
Date: Tue, 3 Jan 2023 20:45:00 +0200
Subject: [PATCH 1/3] refac: better naming
---
 src/routes/api/clipper.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/routes/api/clipper.js b/src/routes/api/clipper.js
index ac3bb416f..5c89ac291 100644
--- a/src/routes/api/clipper.js
+++ b/src/routes/api/clipper.js
@@ -14,8 +14,8 @@ const Attribute = require('../../becca/entities/attribute');
 const htmlSanitizer = require('../../services/html_sanitizer');
 const {formatAttrForSearch} = require("../../services/attribute_formatter");
-function findClippingNote(todayNote, pageUrl) {
- const notes = todayNote.searchNotesInSubtree(
+function findClippingNote(clipperInboxNote, pageUrl) {
+ const notes = clipperInboxNote.searchNotesInSubtree(
 formatAttrForSearch({
 type: 'label',
 name: "pageUrl",
From f02ad63e976e4fa28e99dedeb0faf5f777dec47c Mon Sep 17 00:00:00 2001
From: contributor
Date: Tue, 3 Jan 2023 20:36:40 +0200
Subject: [PATCH 2/3] npm i @braintree/sanitize-url
---
 package-lock.json | 11 +++++++++++
 package.json | 1 +
 2 files changed, 12 insertions(+)
diff --git a/package-lock.json b/package-lock.json
index b6e2c904e..5db7570d6 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -10,6 +10,7 @@ "hasInstallScript": true, "license": "AGPL-3.0-only", "dependencies": { + "@braintree/sanitize-url": "^6.0.2", "@electron/remote": "2.0.9", "@excalidraw/excalidraw": "0.13.0", "archiver": "5.3.1",
@@ -115,6 +116,11 @@ "node": ">=6.9.0" } }, + "node_modules/@braintree/sanitize-url": { + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/@braintree/sanitize-url/-/sanitize-url-6.0.2.tgz", + "integrity": "sha512-Tbsj02wXCbqGmzdnXNk0SOF19ChhRU70BsroIi4Pm6Ehp56in6vch94mfbdQ17DozxkL3BAVjbZ4Qc1a0HFRAg==" + }, "node_modules/@develar/schema-utils": { "version": "2.6.5", "resolved": "https://registry.npmjs.org/@develar/schema-utils/-/schema-utils-2.6.5.tgz",
@@ -10552,6 +10558,11 @@ "regenerator-runtime": "^0.13.4" } }, + "@braintree/sanitize-url": { + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/@braintree/sanitize-url/-/sanitize-url-6.0.2.tgz", + "integrity": "sha512-Tbsj02wXCbqGmzdnXNk0SOF19ChhRU70BsroIi4Pm6Ehp56in6vch94mfbdQ17DozxkL3BAVjbZ4Qc1a0HFRAg==" + }, "@develar/schema-utils": { "version": "2.6.5", "resolved": "https://registry.npmjs.org/@develar/schema-utils/-/schema-utils-2.6.5.tgz",
diff --git a/package.json b/package.json
index 89837afe1..04bf823cd 100644
--- a/package.json
+++ b/package.json
@@ -27,6 +27,7 @@
 "postinstall": "rimraf ./node_modules/canvas"
 },
 "dependencies": {
+ "@braintree/sanitize-url": "^6.0.2",
 "@electron/remote": "2.0.9",
 "@excalidraw/excalidraw": "0.13.0",
 "archiver": "5.3.1",
From 85a6e8b47e8bf4bef049bcd386ef0efb5fe800c9 Mon Sep 17 00:00:00 2001
From: contributor
Date: Tue, 3 Jan 2023 20:44:31 +0200
Subject: [PATCH 3/3] fix clipping selection can create multiple notes for the same Url sanitize was replacing '&' char to '&'and changing actual Url
---
 src/routes/api/clipper.js | 5 ++---
 src/services/html_sanitizer.js | 4 +++-
 2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/src/routes/api/clipper.js b/src/routes/api/clipper.js
index 5c89ac291..71bcf84a4 100644
--- a/src/routes/api/clipper.js
+++ b/src/routes/api/clipper.js
@@ -47,6 +47,7 @@ function addClipping(req) {
 const clipperInbox = getClipperInboxNote();
+ pageUrl = htmlSanitizer.sanitizeUrl(pageUrl);
 let clippingNote = findClippingNote(clipperInbox, pageUrl);
 if (!clippingNote) {
@@ -57,8 +58,6 @@ function addClipping(req) {
 type: 'text'
 }).note;
- pageUrl = htmlSanitizer.sanitize(pageUrl);
-
 clippingNote.setLabel('clipType', 'clippings');
 clippingNote.setLabel('pageUrl', pageUrl);
 clippingNote.setLabel('iconClass', 'bx bx-globe');
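Review bot: The new dependency is declared with a caret range, `"@braintree/sanitize-url": "^6.0.2"`, while every neighbouring entry in the package.json hunk is pinned to an exact version (`"@electron/remote": "2.0.9"`, `"@excalidraw/excalidraw": "0.13.0"`, `"archiver": "5.3.1"`). Because this package is being introduced as a security control for clipper input, the reviewed code is easier to reason about if the version is pinned like its neighbours, so that an `npm update` cannot move it within the 6.x range without a visible diff. Suggest `"@braintree/sanitize-url": "6.0.2",` here and in the corresponding `dependencies` entry of the package-lock.json hunk above.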
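Review bot: In the `@@ -47,6 +47,7 @@` hunk, `pageUrl` is passed through `htmlSanitizer.sanitizeUrl` unconditionally before the lookup, whereas the parallel call site in `createNote` (the `@@ -96,7 +95,7 @@` hunk) keeps its `if (pageUrl)` guard. If I recall the library correctly, `sanitizeUrl` maps an empty or undefined input, and any rejected scheme, to the fixed string `about:blank`; in `addClipping` a request without a usable URL would then be searched for and labelled as `pageUrl=about:blank`, and every later such request would be merged into that same clipping note instead of getting its own. Mirroring the guard, `if (pageUrl) { pageUrl = htmlSanitizer.sanitizeUrl(pageUrl); }`, keeps the lookup and the stored label consistent for the missing-URL case; a short comment above the call saying that the same sanitised value must be used for both the search and the label would also record why the call was moved. `addClipping` begins before this hunk and continues past it.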
@@ -96,7 +95,7 @@ function createNote(req) {
 note.setLabel('clipType', clipType);
 if (pageUrl) {
- pageUrl = htmlSanitizer.sanitize(pageUrl);
+ pageUrl = htmlSanitizer.sanitizeUrl(pageUrl);
 note.setLabel('pageUrl', pageUrl);
 note.setLabel('iconClass', 'bx bx-globe');
diff --git a/src/services/html_sanitizer.js b/src/services/html_sanitizer.js
index 9164ddfda..e3df0d135 100644
--- a/src/services/html_sanitizer.js
+++ b/src/services/html_sanitizer.js
@@ -1,4 +1,5 @@
 const sanitizeHtml = require('sanitize-html');
+const sanitizeUrl = require('@braintree/sanitize-url').sanitizeUrl;
 // intended mainly as protection against XSS via import
 // secondarily it (partly) protects against "CSS takeover"
@@ -48,5 +49,6 @@ function sanitize(dirtyHtml) {
 }
 module.exports = {
- sanitize
+ sanitize,
+ sanitizeUrl
 };
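Review bot: The new `sanitizeUrl` re-export in the `@@ -1,4 +1,5 @@` hunk of html_sanitizer.js carries no comment, while the header comment right below it describes only what `sanitize()` is for, so a reader of this module cannot tell how the two differ or what the URL function guarantees. Suggest a comment above the require such as `// sanitizeUrl: for URL values stored as labels (clipper pageUrl); unlike sanitize() it does not HTML-escape, so the value round-trips through search unchanged, and (per the library) it rejects dangerous schemes rather than escaping them`, with the exact rejection behaviour confirmed against the pinned library version. As a point of style, `const {sanitizeUrl} = require('@braintree/sanitize-url');` matches the destructuring require form used in clipper.js (`const {formatAttrForSearch} = require(...)`). Exporting the third-party function directly also means callers are bound to its return contract; a one-line wrapper in this module would give the project a place to document and later adjust that contract without touching callers.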