Problem
The "sanitize": true flag on the add_comment body field strips < and > characters from the entire comment body, including content inside markdown fenced code blocks (```lang ... ```). This produces garbled output for any language that uses angle brackets in its syntax.
Example
The Repo Assist workflow posted this comment on dotnet/fsharp#6929 with the following code block:
```fsharp
[(Measure)] type rad
[(Literal)]
let pi = 3.14(rad)
```
The agent almost certainly generated valid F# with angle brackets:
```fsharp
[<Measure>] type rad
[<Literal>]
let pi = 3.14<rad>
```
But the sanitizer stripped every < and >, turning attributes ([<Measure>]) into [(Measure)] and generic syntax (3.14<rad>) into 3.14(rad). The result is syntactically invalid code posted to a public issue — which a maintainer then called out.
Scope
This affects every comment posted by agentic workflows for languages that use angle brackets: F# ([<Attr>], generics), C# (List<int>), C++ (template<T>), Rust (Vec<i32>), TypeScript (Array<string>), HTML, XML, etc.
Where
The sanitize flag is set in the workflow lock file schema, which comes from this workflow source:
```json
{
  "required": true,
  "type": "string",
  "sanitize": true,
  "maxLength": 65000
}
```
The sanitizer implementation lives in the agentics framework itself (not the per-repo config).
Expected behavior
Angle brackets inside fenced code blocks should be preserved. Either:
- Parse markdown structure and skip sanitization inside fenced code blocks, or
- HTML-encode `<` and `>` to `&lt;` and `&gt;` instead of stripping them (GitHub renders these correctly in markdown), or
- Only strip angle brackets that look like actual HTML tags (e.g. `<script>`, `<img`)
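The first two options combined, as an added illustration (not the agentics framework's own sanitizer): a line-by-line pass that tracks CommonMark fence state (backtick or tilde fences, matching closing length) and leaves code content verbatim while HTML-encoding `<` and `>` in ordinary prose. The `SAMPLE_COMMENT` is a constructed comment modelled on the F# snippet above.

```javascript
// Added example: a markdown-aware sanitizer that leaves fenced code blocks
// untouched and HTML-encodes angle brackets everywhere else. Illustrative
// code, not the agentics framework's own sanitizer.

const FENCE_RE = /^ {0,3}(`{3,}|~{3,})(.*)$/;

// Outside code, encode < and > so they cannot start an HTML tag but still
// render as literal angle brackets on GitHub.
function encodeAngles(text) {
  return text.replace(/</g, "&lt;").replace(/>/g, "&gt;");
}

function sanitizeCommentBody(body) {
  const out = [];
  let fence = null; // { char, len } while inside a fenced code block
  for (const line of body.split("\n")) {
    const m = FENCE_RE.exec(line);
    if (fence === null) {
      // Opening fence; a backtick fence's info string may not contain backticks.
      if (m && (m[1][0] === "~" || !m[2].includes("`"))) {
        fence = { char: m[1][0], len: m[1].length };
        out.push(line);
      } else {
        out.push(encodeAngles(line));
      }
      continue;
    }
    // Closing fence: same character, at least as long, nothing after it.
    if (m && m[1][0] === fence.char && m[1].length >= fence.len && m[2].trim() === "") {
      fence = null;
    }
    // Code content passes through verbatim: GitHub already escapes it when
    // rendering, so raw < and > here cannot become markup.
    out.push(line);
  }
  return out.join("\n");
}

// Constructed sample modelled on the F# comment described in this issue.
const TICKS = "`".repeat(3);
const SAMPLE_COMMENT = [
  "Generated code:",
  TICKS + "fsharp",
  "[<Measure>] type rad",
  "[<Literal>]",
  "let pi = 3.14<rad>",
  TICKS,
  "C# uses List<int> the same way.",
].join("\n");

console.log(sanitizeCommentBody(SAMPLE_COMMENT));
```

An unterminated fence keeps the rest of the body raw, which matches how GitHub renders it (as code), so nothing after it can become markup either.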
Reproduction
Any agentic workflow with "sanitize": true on comment bodies that posts code containing < or > inside a fenced code block will have those characters silently removed.