fix(safe-outputs): preserve custom XML tags, only escape known HTML/SVG elements#18327

Closed
Copilot wants to merge 2 commits into main from copilot/fix-safe-outputs-sanitizer

Conversation

Contributor

Copilot AI commented Feb 25, 2026

The safe-outputs sanitizer was converting all unrecognized tags to parentheses — including custom XML like MSBuild's <AppendTargetFrameworkToOutputPath>false</AppendTargetFrameworkToOutputPath>, which would be mangled to (AppendTargetFrameworkToOutputPath)false(/AppendTargetFrameworkToOutputPath) even inside markdown code fences.

Changes

  • sanitize_content_core.cjs: Changed convertXmlTags() from an allowlist model (preserve GFM-safe tags, convert everything else) to a denylist model (only convert known HTML5 + SVG + MathML elements). Custom XML tags — anything not in the standard web vocabulary — pass through unchanged.

    • HTML5 elements: full element set added
    • SVG elements: included since they're valid inline HTML5 and support XSS vectors via event handlers (onload, etc.)
    • MathML: math root element included
  • sanitize_content.test.cjs: Added tests covering custom XML preservation and confirming known HTML elements are still converted.

Behavior

<!-- Before: mangled even inside code fences -->
(AppendTargetFrameworkToOutputPath)false(/AppendTargetFrameworkToOutputPath)

<!-- After: preserved -->
<AppendTargetFrameworkToOutputPath>false</AppendTargetFrameworkToOutputPath>

Known injection vectors are unchanged — <div>, <script>, <svg onload="..."> etc. are still converted to parentheses.

Original prompt

This section details the original issue you should resolve

<issue_title>Safe-outputs add-comment strips < and > from markdown code blocks</issue_title>
<issue_description>The safe-outputs sanitizer replaces < and > with ( and ) in the posted comment body, even inside markdown code fences. This breaks XML/HTML code examples — critical for workflows that analyze MSBuild/XML-based build systems.

Example

The agent produces:

<AppendTargetFrameworkToOutputPath>false</AppendTargetFrameworkToOutputPath>

But the posted comment contains:

(AppendTargetFrameworkToOutputPath)false(/AppendTargetFrameworkToOutputPath)

Repro

ViktorHofer/msbuild-s1#4 (comment)

Workflow: MSBuild Build Failure Analyzer run</issue_description>

Comments on the Issue (you are @copilot in this section)

@pelikhan @copilot update JavaScript xml escaped to only escape known HTML elements.
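
The denylist approach the PR description outlines, as an added example that is not the project's own sanitize_content_core.cjs code: the element sets below are an illustrative subset assumed here (the project's actual HTML5/SVG/MathML lists are not reproduced on this page), the tag regex is a simplification, and convertAllTags / convertKnownTags are names chosen for this example to contrast the old and new behaviour.

```javascript
// Added example, not the project's sanitize_content_core.cjs. It contrasts the
// old "convert every tag" behaviour with the PR's "convert only known elements"
// behaviour. The element sets are an illustrative subset chosen here; the
// project's actual lists are not reproduced on the page.

// Known HTML5 elements (subset): anything a markdown renderer could turn into
// real markup, including the classic injection carriers.
const KNOWN_HTML = new Set([
  'a', 'abbr', 'audio', 'b', 'body', 'br', 'button', 'code', 'div', 'em',
  'embed', 'form', 'h1', 'h2', 'h3', 'head', 'html', 'iframe', 'img', 'input',
  'li', 'link', 'meta', 'object', 'ol', 'p', 'pre', 'script', 'span', 'style',
  'table', 'td', 'textarea', 'th', 'tr', 'ul', 'video',
]);
// Known SVG elements (subset): valid inline in HTML5 and able to carry
// event-handler attributes such as onload.
const KNOWN_SVG = new Set([
  'animate', 'circle', 'foreignobject', 'g', 'image', 'path', 'rect', 'set',
  'svg', 'text', 'use',
]);
// MathML root element.
const KNOWN_MATHML = new Set(['math']);

// One opening, closing or self-closing tag: captures the leading slash, the
// tag name, the attribute text and a trailing self-closing slash.
// Simplification: a '>' inside a quoted attribute value is not handled.
const TAG_RE = /<(\/?)([A-Za-z][A-Za-z0-9-]*)(\s[^<>]*?)?(\/?)>/g;

// Tag names are compared case-insensitively because HTML parsers treat
// <SCRIPT> and <script> as the same element.
function isKnownElement(name) {
  const n = name.toLowerCase();
  return KNOWN_HTML.has(n) || KNOWN_SVG.has(n) || KNOWN_MATHML.has(n);
}

// Old behaviour described in the PR: every tag becomes parentheses, so custom
// XML such as MSBuild properties is mangled even inside code fences.
function convertAllTags(content) {
  return content.replace(TAG_RE, (_m, slash, name, attrs, selfClose) =>
    '(' + slash + name + (attrs || '') + selfClose + ')');
}

// New behaviour described in the PR: only known HTML/SVG/MathML elements are
// converted; tag names outside that vocabulary pass through untouched.
function convertKnownTags(content) {
  return content.replace(TAG_RE, (match, slash, name, attrs, selfClose) => {
    if (!isKnownElement(name)) return match;
    return '(' + slash + name + (attrs || '') + selfClose + ')';
  });
}

// Constructed sample covering the three cases that matter: custom XML,
// a plain HTML element and an SVG element carrying an event handler.
const SAMPLE = [
  '<AppendTargetFrameworkToOutputPath>false</AppendTargetFrameworkToOutputPath>',
  '<div>text</div>',
  '<svg onload="alert(1)"></svg>',
].join('\n');

console.log('before:\n' + convertAllTags(SAMPLE));
console.log('after:\n' + convertKnownTags(SAMPLE));
```

Two caveats follow from the design itself. A denylist is only as complete as its element list, so any element the renderer understands but the list omits would pass through, which is why the PR pulls in the full HTML5 set rather than a hand-picked few. And because known elements are still converted everywhere, a `<div>` or `<script>` quoted inside a markdown code fence is still mangled; only tags outside the web vocabulary, like the MSBuild property above, now survive.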


Custom XML tags (e.g., MSBuild's AppendTargetFrameworkToOutputPath) are
no longer converted to parentheses. Only known HTML5 and SVG elements
are converted to prevent HTML injection, since GitHub's markdown
renderer cannot interpret custom XML as HTML anyway.

Fixes: safe-outputs add-comment strips < and > from markdown code blocks

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI changed the title [WIP] Fix safe-outputs sanitizer issue with markdown code blocks fix(safe-outputs): preserve custom XML tags, only escape known HTML/SVG elements Feb 25, 2026
@pelikhan pelikhan closed this Feb 25, 2026


Development

Successfully merging this pull request may close these issues.

Safe-outputs add-comment strips < and > from markdown code blocks
