From eb64d7f0ff0961950900c71bda93544682b3f687 Mon Sep 17 00:00:00 2001
From: Laura Martinez Garcia <lauram@empathy.co>
Date: Tue, 5 Sep 2023 10:12:27 +0200
Subject: [PATCH] chore: new approach using sanitize util

---
 .../x-modules/url/components/url-handler.vue  | 26 +++----------------
 1 file changed, 3 insertions(+), 23 deletions(-)

diff --git a/packages/x-components/src/x-modules/url/components/url-handler.vue b/packages/x-components/src/x-modules/url/components/url-handler.vue
index a59837f506..5cd56c3330 100644
--- a/packages/x-components/src/x-modules/url/components/url-handler.vue
+++ b/packages/x-components/src/x-modules/url/components/url-handler.vue
@@ -13,6 +13,7 @@
   import { FeatureLocation } from '../../../types/origin';
   import { UrlParams } from '../../../types/url-params';
   import { isArrayEmpty } from '../../../utils/array';
+  import { sanitize } from '../../../utils/index';
   import { WireMetadata } from '../../../wiring/wiring.types';
   import { SnippetConfig } from '../../../x-installer/api/api.types';
   import { initialUrlState } from '../store/initial-state';
@@ -165,27 +166,6 @@
       this.urlLoaded = true;
     }
 
-    /**
-     * Detects if the user typing or pasting special/forbidden characters in some URL param and removes them.
-     *
-     * @internal
-     * @param urlValue - Param from the url that will be checked for special characters.
-     * @returns Param without special characters.
-     */
-    protected removeSpecialKeys(urlValue: string): string {
-      if (/[<>]/.test(urlValue ?? '')) {
-        let value = urlValue.replace(/<.*>/g, '');
-        if (!/</.test(value ?? '')) {
-          value = value.replace(/.*>/g, '');
-        } else if (!/>/.test(value ?? '')) {
-          value = value.replace(/<.*/g, '');
-        }
-        return value;
-      } else {
-        return urlValue;
-      }
-    }
-
     /**
      * Creates the wire metadata to include in every emitted {@link XEvent}.
      *
@@ -277,11 +257,11 @@
           if (urlSearchParams.has(urlKey)) {
             if (name in initialUrlState) {
               let urlValue = urlSearchParams.getAll(urlKey);
-              urlValue[0] = this.removeSpecialKeys(urlValue[0]);
+              urlValue[0] = sanitize(urlValue[0]);
               params.all[name] = this.parseUrlParam(name, urlValue);
             } else {
               let urlValueExtra = urlSearchParams.get(urlKey);
-              urlValueExtra = this.removeSpecialKeys(urlValueExtra!);
+              urlValueExtra = sanitize(urlValueExtra!);
               params.all[name] = params.extra[name] = urlValueExtra;
             }
           }