assets/xss-filtering: Strip any query parameters from img src attribute

When attempting to replace a relative image url with the one for getting
the image bytes from the archive content, ensure that query parameters
will be stripped from the image src attribute otherwise the image path
will not be found in the archive.

assets/src/bundles/webapp/xss-filtering.js

 /**
- * Copyright (C) 2019-2020  The Software Heritage developers
+ * Copyright (C) 2019-2021  The Software Heritage developers
  * See the AUTHORS file at the top-level directory of this distribution
  * License: GNU Affero General Public License version 3, or any later version
  * See top-level LICENSE file for more information
@@ -31,9 +31,20 @@ DOMPurify.addHook('uponSanitizeAttribute', function(node, data) {
 
     // used internal endpoint as image url to possibly get the image data
     // from the archive content
-    let url = Urls.browse_directory_resolve_content_path(swhObjectMetadata.directory);
-    url += `?path=${data.attrValue}`;
-    data.attrValue = url;
+    let directoryUrl = Urls.browse_directory_resolve_content_path(swhObjectMetadata.directory);
+    let path = data.attrValue;
+    // strip any query parameters appended to path
+    let processedPath = path;
+    if (!processedPath.startsWith('/')) {
+      processedPath = '/' + processedPath;
+    }
+    const url = new URL(window.location.origin + processedPath);
+    if (url.search) {
+      path = path.replace(url.search, '');
+    }
+    // update img src attribute with archive URL
+    directoryUrl += `?path=${encodeURIComponent(path)}`;
+    data.attrValue = directoryUrl;
   }
 });