fix(export): escape tool-call name in HTML session export

The HTML session export interpolated the tool-call name into the page
without escaping, while every sibling field went through _escape_html. A
tool-call name is attacker-influenced, so a prompt-injected model can emit
a name containing HTML that executes when the export is opened in a browser.

Escape the tool-call name like the other fields.
This commit is contained in:
Adolanium 2026-07-09 10:28:12 +03:00 committed by Teknium
parent a23d5073fb
commit 1f57ed2a53
2 changed files with 61 additions and 1 deletions

View file

@ -706,7 +706,7 @@ def _generate_messages_html(messages: List[Dict[str, Any]]) -> str:
<div class="tool-call">
<div class="tool-call-header">
{ICON_CHEVRON_RIGHT.replace('class="', 'class="chevron ')}
{ICON_WRENCH} Tool Call: {fn_name}
{ICON_WRENCH} Tool Call: {_escape_html(fn_name)}
</div>
<div class="tool-call-content">
<pre><code>{_escape_html(args)}</code></pre>