fix(cli): escape action content before passing to HTML (#11333)

2026-03-22 05:37:20 +08:00 · 2025-10-13 22:02:26 +07:00
parent baaa41ed99
commit c5e58572d5
1 changed files with 2 additions and 1 deletions
--- a/openhands-cli/openhands_cli/user_actions/agent_action.py
+++ b/openhands-cli/openhands_cli/user_actions/agent_action.py
@@ -1,3 +1,4 @@
+import html
 from prompt_toolkit import HTML, print_formatted_text

 from openhands.sdk.security.confirmation_policy import (
@@ -37,7 +38,7 @@ def ask_user_confirmation(
            or '[unknown action]'
        )
        print_formatted_text(
-            HTML(f'<grey>  {i}. {tool_name}: {action_content}...</grey>')
+            HTML(f'<grey>  {i}. {tool_name}: {html.escape(action_content)}...</grey>')
        )

    question = 'Choose an option:'