fix clipping selection can create multiple notes for the same Url

sanitize was replacing '&' char to '&'and changing actual Url

src/routes/api/clipper.js

@@ -47,6 +47,7 @@ function addClipping(req) {
 
     const clipperInbox = getClipperInboxNote();
 
+    pageUrl = htmlSanitizer.sanitizeUrl(pageUrl);
     let clippingNote = findClippingNote(clipperInbox, pageUrl);
 
     if (!clippingNote) {
@@ -57,8 +58,6 @@ function addClipping(req) {
             type: 'text'
         }).note;
 
-        pageUrl = htmlSanitizer.sanitize(pageUrl);
-
         clippingNote.setLabel('clipType', 'clippings');
         clippingNote.setLabel('pageUrl', pageUrl);
         clippingNote.setLabel('iconClass', 'bx bx-globe');
@@ -96,7 +95,7 @@ function createNote(req) {
     note.setLabel('clipType', clipType);
 
     if (pageUrl) {
-        pageUrl = htmlSanitizer.sanitize(pageUrl);
+        pageUrl = htmlSanitizer.sanitizeUrl(pageUrl);
 
         note.setLabel('pageUrl', pageUrl);
         note.setLabel('iconClass', 'bx bx-globe');

src/services/html_sanitizer.js

@@ -1,4 +1,5 @@
 const sanitizeHtml = require('sanitize-html');
+const sanitizeUrl = require('@braintree/sanitize-url').sanitizeUrl;
 
 // intended mainly as protection against XSS via import
 // secondarily it (partly) protects against "CSS takeover"
@@ -48,5 +49,6 @@ function sanitize(dirtyHtml) {
 }
 
 module.exports = {
-    sanitize
+    sanitize,
+    sanitizeUrl
 };