[WIP] Fix double escaping of text in titles

actions/setup/js/sanitize_content.test.cjs

@@ -1663,6 +1663,51 @@ describe("sanitize_content.cjs", () => {
       const result = sanitizeContent("@author is allowed", { allowedAliases: ["author"] });
       expect(result).toBe("@author is allowed");
     });
+
+    it("should decode > entity to > to prevent literal > in output", () => {
+      const result = sanitizeContent("value > threshold");
+      expect(result).toBe("value > threshold");
+    });
+
+    it("should decode double-encoded > entity to >", () => {
+      const result = sanitizeContent("value > threshold");
+      expect(result).toBe("value > threshold");
+    });
+
+    it("should decode &lt; entity to < and then neutralize resulting tags", () => {
+      const result = sanitizeContent("&lt;script&gt; injection");
+      // &lt; → < and &gt; → >, then convertXmlTags turns <script> into (script)
+      expect(result).toBe("(script) injection");
+    });
+
+    it("should decode &amp; entity to &", () => {
+      const result = sanitizeContent("cats &amp; dogs");
+      expect(result).toBe("cats & dogs");
+    });
+
+    it("should decode double-encoded &amp;amp; entity to &", () => {
+      const result = sanitizeContent("cats &amp;amp; dogs");
+      expect(result).toBe("cats & dogs");
+    });
+
+    it("should be idempotent - applying sanitizeContent twice gives same result for > character", () => {
+      const input = "value > threshold";
+      const once = sanitizeContent(input);
+      const twice = sanitizeContent(once);
+      expect(once).toBe("value > threshold");
+      expect(twice).toBe(once);
+    });
+
+    it("should be idempotent - sanitizing &gt; twice should not produce &gt; in output", () => {
+      // If agent outputs &gt; because it received &gt; in context, sanitizing should decode it
+      const input = "value &gt; threshold";
+      const once = sanitizeContent(input);
+      const twice = sanitizeContent(once);
+      expect(once).not.toContain("&gt;");
+      expect(once).toBe("value > threshold");
+      // Idempotency: a second pass on the decoded result should not re-introduce &gt;
+      expect(twice).toBe(once);
+    });
   });
 
   describe("template delimiter neutralization (T24)", () => {

actions/setup/js/sanitize_content_core.cjs

@@ -643,8 +643,9 @@ function applyTruncation(content, maxLength) {
 }
 
 /**
- * Decodes HTML entities to prevent bypass of @mention detection.
- * Handles named entities (e.g., @), decimal entities (e.g., @),
+ * Decodes HTML entities to prevent bypass of @mention detection and to ensure
+ * HTML-encoded characters do not persist in sanitized output (e.g. > in titles).
+ * Handles named entities (e.g., @, >, <, &), decimal entities (e.g., @),
  * and hex entities (e.g., @), including double-encoded variants (e.g., @).
  *
  * @param {string} text - Input text that may contain HTML entities
@@ -661,6 +662,16 @@ function decodeHtmlEntities(text) {
   // @ and @ → @
   result = result.replace(/&(?:amp;)?commat;/gi, "@");
 
+  // Decode common named HTML entities (including double-encoded variants)
+  // These prevent HTML-encoded characters from persisting as literal entities
+  // in sanitized output (e.g. a title containing > instead of >).
+  // > and > → >
+  result = result.replace(/&(?:amp;)?gt;/gi, ">");
+  // &lt; and &amp;lt; → < (convertXmlTags will then neutralise any resulting tags)
+  result = result.replace(/&(?:amp;)?lt;/gi, "<");
+  // &amp; and &amp;amp; → & (decoded after gt/lt so &amp;gt; is already handled above)
+  result = result.replace(/&(?:amp;)?amp;/gi, "&");
+
   // Decode decimal entities (including double-encoded variants)
   // &#64; and &amp;#64; → @
   // &#NNN; and &amp;#NNN; → corresponding character

actions/setup/js/sanitize_title.test.cjs

@@ -240,5 +240,43 @@ describe("sanitize_title", () => {
       const sanitized = sanitizeTitle(title);
       expect(sanitized).toBe("`@user` Testtitle with (redacted)");
     });
+
+    it("should decode > in title to prevent literal > appearing in issues", () => {
+      // If an agent outputs a title with > (e.g. because the prompt context contained it),
+      // the sanitizer must decode it back to > so the issue title is not > in markdown.
+      expect(sanitizeTitle("value > threshold")).toBe("value > threshold");
+    });
+
+    it("should decode double-encoded > in title to >", () => {
+      expect(sanitizeTitle("value > threshold")).toBe("value > threshold");
+    });
+
+    it("should decode < in title and neutralize any resulting HTML tags", () => {
+      // &lt;tag&gt; → <tag> → convertXmlTags → (tag)
+      expect(sanitizeTitle("&lt;script&gt; injection")).toBe("(script) injection");
+    });
+
+    it("should decode &amp; in title to &", () => {
+      expect(sanitizeTitle("cats &amp; dogs")).toBe("cats & dogs");
+    });
+
+    it("should be idempotent - sanitizing a title with > twice gives same result", () => {
+      const title = "Fix bug: value > 5";
+      const once = sanitizeTitle(title);
+      const twice = sanitizeTitle(once);
+      expect(once).toBe("Fix bug: value > 5");
+      expect(twice).toBe(once);
+    });
+
+    it("should be idempotent - sanitizing &gt; title twice should not produce &gt;", () => {
+      // Simulates agent outputting &gt; in title because prompt context had HTML-encoded >
+      const title = "Fix bug: value &gt; 5";
+      const once = sanitizeTitle(title);
+      const twice = sanitizeTitle(once);
+      expect(once).not.toContain("&gt;");
+      expect(once).toBe("Fix bug: value > 5");
+      // Idempotency: a second pass on the decoded result should not re-introduce &gt;
+      expect(twice).toBe(once);
+    });
   });
 });