From b95118653c217a35f41a13abb6e37137c943bcc6 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Wed, 4 Mar 2026 08:10:49 +0000
Subject: [PATCH 1/2] Initial plan


From 8834c02b91331ea552d3c78e20a4205ebbb5f7da Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Wed, 4 Mar 2026 08:46:27 +0000
Subject: [PATCH 2/2] fix: decode &gt;, &lt;, &amp; HTML entities in sanitize
 pipeline to prevent literal &gt; in issue titles

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
---
 actions/setup/js/sanitize_content.test.cjs | 45 ++++++++++++++++++++++
 actions/setup/js/sanitize_content_core.cjs | 15 +++++++-
 actions/setup/js/sanitize_title.test.cjs   | 38 ++++++++++++++++++
 3 files changed, 96 insertions(+), 2 deletions(-)

diff --git a/actions/setup/js/sanitize_content.test.cjs b/actions/setup/js/sanitize_content.test.cjs
index 8c383588624..f9bd765dbcb 100644
--- a/actions/setup/js/sanitize_content.test.cjs
+++ b/actions/setup/js/sanitize_content.test.cjs
@@ -1663,6 +1663,51 @@ describe("sanitize_content.cjs", () => {
       const result = sanitizeContent("&commat;author is allowed", { allowedAliases: ["author"] });
       expect(result).toBe("@author is allowed");
     });
+
+    it("should decode &gt; entity to > to prevent literal &gt; in output", () => {
+      const result = sanitizeContent("value &gt; threshold");
+      expect(result).toBe("value > threshold");
+    });
+
+    it("should decode double-encoded &amp;gt; entity to >", () => {
+      const result = sanitizeContent("value &amp;gt; threshold");
+      expect(result).toBe("value > threshold");
+    });
+
+    it("should decode &lt; entity to < and then neutralize resulting tags", () => {
+      const result = sanitizeContent("&lt;script&gt; injection");
+      // &lt; → < and &gt; → >, then convertXmlTags turns <script> into (script)
+      expect(result).toBe("(script) injection");
+    });
+
+    it("should decode &amp; entity to &", () => {
+      const result = sanitizeContent("cats &amp; dogs");
+      expect(result).toBe("cats & dogs");
+    });
+
+    it("should decode double-encoded &amp;amp; entity to &", () => {
+      const result = sanitizeContent("cats &amp;amp; dogs");
+      expect(result).toBe("cats & dogs");
+    });
+
+    it("should be idempotent - applying sanitizeContent twice gives same result for > character", () => {
+      const input = "value > threshold";
+      const once = sanitizeContent(input);
+      const twice = sanitizeContent(once);
+      expect(once).toBe("value > threshold");
+      expect(twice).toBe(once);
+    });
+
+    it("should be idempotent - sanitizing &gt; twice should not produce &gt; in output", () => {
+      // If agent outputs &gt; because it received &gt; in context, sanitizing should decode it
+      const input = "value &gt; threshold";
+      const once = sanitizeContent(input);
+      const twice = sanitizeContent(once);
+      expect(once).not.toContain("&gt;");
+      expect(once).toBe("value > threshold");
+      // Idempotency: a second pass on the decoded result should not re-introduce &gt;
+      expect(twice).toBe(once);
+    });
   });
 
   describe("template delimiter neutralization (T24)", () => {
diff --git a/actions/setup/js/sanitize_content_core.cjs b/actions/setup/js/sanitize_content_core.cjs
index ea83b2b8071..93513966e53 100644
--- a/actions/setup/js/sanitize_content_core.cjs
+++ b/actions/setup/js/sanitize_content_core.cjs
@@ -643,8 +643,9 @@ function applyTruncation(content, maxLength) {
 }
 
 /**
- * Decodes HTML entities to prevent bypass of @mention detection.
- * Handles named entities (e.g., &commat;), decimal entities (e.g., &#64;),
+ * Decodes HTML entities to prevent bypass of @mention detection and to ensure
+ * HTML-encoded characters do not persist in sanitized output (e.g. &gt; in titles).
+ * Handles named entities (e.g., &commat;, &gt;, &lt;, &amp;), decimal entities (e.g., &#64;),
  * and hex entities (e.g., &#x40;), including double-encoded variants (e.g., &amp;commat;).
  *
  * @param {string} text - Input text that may contain HTML entities
@@ -661,6 +662,16 @@ function decodeHtmlEntities(text) {
   // &commat; and &amp;commat; → @
   result = result.replace(/&(?:amp;)?commat;/gi, "@");
 
+  // Decode common named HTML entities (including double-encoded variants)
+  // These prevent HTML-encoded characters from persisting as literal entities
+  // in sanitized output (e.g. a title containing &gt; instead of >).
+  // &gt; and &amp;gt; → >
+  result = result.replace(/&(?:amp;)?gt;/gi, ">");
+  // &lt; and &amp;lt; → < (convertXmlTags will then neutralise any resulting tags)
+  result = result.replace(/&(?:amp;)?lt;/gi, "<");
+  // &amp; and &amp;amp; → & (decoded after gt/lt so &amp;gt; is already handled above)
+  result = result.replace(/&(?:amp;)?amp;/gi, "&");
+
   // Decode decimal entities (including double-encoded variants)
   // &#64; and &amp;#64; → @
   // &#NNN; and &amp;#NNN; → corresponding character
diff --git a/actions/setup/js/sanitize_title.test.cjs b/actions/setup/js/sanitize_title.test.cjs
index 505240b8bd1..9f322c1ad97 100644
--- a/actions/setup/js/sanitize_title.test.cjs
+++ b/actions/setup/js/sanitize_title.test.cjs
@@ -240,5 +240,43 @@ describe("sanitize_title", () => {
       const sanitized = sanitizeTitle(title);
       expect(sanitized).toBe("`@user` Testtitle with (redacted)");
     });
+
+    it("should decode &gt; in title to prevent literal &gt; appearing in issues", () => {
+      // If an agent outputs a title with &gt; (e.g. because the prompt context contained it),
+      // the sanitizer must decode it back to > so the issue title is not &gt; in markdown.
+      expect(sanitizeTitle("value &gt; threshold")).toBe("value > threshold");
+    });
+
+    it("should decode double-encoded &amp;gt; in title to >", () => {
+      expect(sanitizeTitle("value &amp;gt; threshold")).toBe("value > threshold");
+    });
+
+    it("should decode &lt; in title and neutralize any resulting HTML tags", () => {
+      // &lt;tag&gt; → <tag> → convertXmlTags → (tag)
+      expect(sanitizeTitle("&lt;script&gt; injection")).toBe("(script) injection");
+    });
+
+    it("should decode &amp; in title to &", () => {
+      expect(sanitizeTitle("cats &amp; dogs")).toBe("cats & dogs");
+    });
+
+    it("should be idempotent - sanitizing a title with > twice gives same result", () => {
+      const title = "Fix bug: value > 5";
+      const once = sanitizeTitle(title);
+      const twice = sanitizeTitle(once);
+      expect(once).toBe("Fix bug: value > 5");
+      expect(twice).toBe(once);
+    });
+
+    it("should be idempotent - sanitizing &gt; title twice should not produce &gt;", () => {
+      // Simulates agent outputting &gt; in title because prompt context had HTML-encoded >
+      const title = "Fix bug: value &gt; 5";
+      const once = sanitizeTitle(title);
+      const twice = sanitizeTitle(once);
+      expect(once).not.toContain("&gt;");
+      expect(once).toBe("Fix bug: value > 5");
+      // Idempotency: a second pass on the decoded result should not re-introduce &gt;
+      expect(twice).toBe(once);
+    });
   });
 });