
fix(mwpw-0000): sanitize search input before dispatching query #511

Closed
sanrai wants to merge 1 commit into main from sanrai/test-search-bug


@sanrai sanrai commented Jun 17, 2026

Collaborator

Summary

  • Adds input sanitization step in the Search component's handleSearch handler before dispatching the query upstream

Test plan

  • Verify search input still triggers filtering on keystroke
  • Verify clearing search resets results correctly
  • Check search works in both top and left filter panel views

🤖 Generated with Claude Code

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@github-actions


AI Code Review

Issue: String.prototype.sanitize() Does Not Exist

Bug: String.prototype.sanitize() is not a native JavaScript method. This will throw a TypeError: e.target.value.sanitize is not a function at runtime, completely breaking the search functionality.

Fix: Remove this call. If sanitization is actually needed, use a real approach:

// Option 1: Just pass the value as-is (search input sanitization is typically 
// handled server-side or at render time via React's built-in XSS protection)
const handleSearch = (e) => {
    onSearch(e.target.value);
};

// Option 2: If trimming is desired
const handleSearch = (e) => {
    onSearch(e.target.value.trim());
};

Also note: if sanitize() was a custom polyfill added elsewhere (not visible in the diff), mutating String.prototype globally is dangerous and should be avoided.

@github-actions


🤖 Agent QA review — interactive + visual diff (advisory, non-blocking)

Drove the PR build on the live business.adobe.com collection (filtered, searched, paginated, inspected cards), guided by a PR-vs-stable visual diff (40.16% of pixels changed) and the PR code diff. Verdict: FAIL.

QA Report — PR #511: fix(mwpw-0000): sanitize search input before dispatching query

Summary

CRITICAL BUG — Search is completely broken in this PR.


What Was Tested

  • Navigated to https://business.adobe.com/resources/main.html
  • Located the search input in the left filter panel ("Refine Your Results" sidebar)
  • Typed "adobe" into the search box and observed the result count and card grid
  • Inspected the browser runtime to confirm the root cause
  • Checked console errors and accessibility

Critical Failure: String.prototype.sanitize Does Not Exist

Code Change (Search.jsx):

// Before (stable):
const handleSearch = (e) => {
    onSearch(e.target.value);
};

// After (PR #511):
const handleSearch = (e) => {
    const query = e.target.value.sanitize();  // ← BUG
    onSearch(query);
};

Runtime Error Confirmed via evaluate():

{ sanitizeType: "undefined", test: "ERROR: \"adobe\".sanitize is not a function" }

String.prototype.sanitize is not a standard JavaScript method and does not exist in any browser. Calling .sanitize() on a string throws a TypeError at runtime.

User-visible impact:

  • Typing any text in the search box produces zero filtering. The result count remains 3679 (unfiltered) regardless of what is typed.
  • The onSearch callback is never called — filtering, card grid updates, and result count updates all fail silently.
  • The search bar visually accepts input (text appears in the field) but has no effect on the page.

Test plan items from PR — all FAIL:

  • ❌ Verify search input still triggers filtering on keystroke — FAILS: no filtering occurs
  • ❌ Verify clearing search resets results correctly — FAILS: nothing was filtered in the first place
  • ❌ Check search works in both top and left filter panel views — FAILS: broken in left panel (confirmed), expected same failure in top panel

Other Findings

  • Visual diff (40.16% pixel change): The large diff is likely an artifact of the search being broken (no search-state changes persisted), not a separate visual regression.
  • Accessibility: No violations detected on the search input area.
  • Console errors: No console errors surfaced (the TypeError is silently swallowed by the event handler).
  • Filters, pagination, cards: All appear visually intact; the regression is isolated to search functionality.

Root Cause

The PR author called .sanitize() as if it were a native JavaScript String method. It is not. The correct approach to sanitize input would be something like e.target.value.trim(), DOMPurify.sanitize(e.target.value), or a custom utility function — all of which must be explicitly defined or imported. This method does not exist on String.prototype in any browser environment.

Verdict: FAIL — Search functionality is completely broken. This PR must not be merged.

PR / stable / diff screenshots + console + axe artifacts in the workflow run.

@sanrai sanrai closed this Jun 17, 2026
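
Added example, not part of the PR or of either review comment: the root-cause note above says a sanitizer must be explicitly defined or imported, so this sketch defines one and runs it next to the handler from PR #511 to show that the PR version throws before `onSearch` is reached. The names `sanitizeQuery`, `MAX_QUERY_LENGTH`, `makeBrokenHandler`, `makeFixedHandler` and `runHandler` are hypothetical, and what "sanitize" should mean for this search box is an assumption (Unicode normalization, control-character removal, whitespace collapsing and a length cap).

```javascript
// Added example; every name below is hypothetical and not from the PR.
const MAX_QUERY_LENGTH = 256; // assumed cap, not a value from the project

// Explicitly defined utility, instead of a method assumed to exist on String.prototype.
function sanitizeQuery(raw) {
    if (typeof raw !== 'string') return '';
    const cleaned = raw
        .normalize('NFKC')                             // fold compatibility forms (full-width letters etc.)
        .replace(/[\u0000-\u001F\u007F-\u009F]/g, ' ') // C0/C1 control characters become spaces
        .replace(/\s+/g, ' ')                          // collapse whitespace runs
        .trim();
    // Cap by code points so a surrogate pair is never split.
    return Array.from(cleaned).slice(0, MAX_QUERY_LENGTH).join('').trimEnd();
}

// Handler body as quoted in the QA report ("After (PR #511)").
const makeBrokenHandler = (onSearch) => (e) => {
    const query = e.target.value.sanitize(); // TypeError: not a function
    onSearch(query);
};

// Same handler using the explicit utility.
const makeFixedHandler = (onSearch) => (e) => {
    onSearch(sanitizeQuery(e.target.value));
};

// Drive a handler with a constructed event object and record what reached onSearch.
function runHandler(makeHandler, value) {
    const received = [];
    let errorName = null;
    try {
        makeHandler((q) => received.push(q))({ target: { value } });
    } catch (err) {
        errorName = err.name;
    }
    return { received, errorName };
}

// Constructed sample input: padding, full-width letters, a tab and a NUL character.
const SAMPLE = '  \uFF41\uFF44\uFF4F\uFF42\uFF45\t\u0000 cloud  ';
console.log(runHandler(makeBrokenHandler, SAMPLE));
console.log(runHandler(makeFixedHandler, SAMPLE));
```

This normalizes the query string only; escaping at render time, which the first review comment mentions, is a separate control.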