← Back to PRs

#15204: fix(ui): preserve angle-bracketed text in chat

by bufordtjustice2918 open 2026-02-13 05:03 View on GitHub →
app: web-ui size: XS
Fixes #15200. Escape angle brackets before markdown rendering so `/approve <id>` displays correctly in the web chat. <!-- greptile_comment --> <h2>Greptile Overview</h2> <h3>Greptile Summary</h3> This PR updates the chat markdown rendering pipeline (`ui/src/ui/markdown.ts`) to pre-escape angle brackets (`<`/`>`) before handing text to `marked.parse`, so command-like strings such as `/approve <id>` display literally instead of being interpreted as HTML. The change is localized to the UI markdown sanitizer and affects all consumers of `toSanitizedMarkdownHtml` (e.g. chat bubbles and the tool output sidebar). <h3>Confidence Score: 4/5</h3> - This PR is likely safe to merge and is narrowly scoped to UI markdown rendering. - Change is small and localized (only escapes angle brackets before markdown parse) and still runs through DOMPurify sanitization. I could not execute marked/node locally in this environment to validate entity-handling behavior end-to-end, so there is a small residual risk of display regressions for inputs containing HTML entities. - ui/src/ui/markdown.ts <sub>Last reviewed commit: bc01ad9</sub> <!-- greptile_other_comments_section --> <sub>(5/5) You can turn off certain types of comments like style [here](https://app.greptile.com/review/github)!</sub> **Context used:** - Context from `dashboard` - CLAUDE.md ([source](https://app.greptile.com/review/custom-context?memory=fd949e91-5c3a-4ab5-90a1-cbe184fd6ce8)) - Context from `dashboard` - AGENTS.md ([source](https://app.greptile.com/review/custom-context?memory=0d0c8278-ef8e-4d6c-ab21-f5527e322f13)) <!-- /greptile_comment -->

Most Similar PRs