From d7b7fa3ee22d88402d39285d1a2aac1a5b676e00 Mon Sep 17 00:00:00 2001 From: Xiaobo Liu Date: Tue, 4 Nov 2025 02:16:36 +0800 Subject: [PATCH] agent: Add XML escaping for TextThreadContext title attribute (#39734) Escape special characters (&, <, >, ", ') in the title attribute of TextThreadContext's XML output to prevent malformed XML when titles contain these characters. Resolves TODO at context.rs:629 Release Notes: - N/A Signed-off-by: Xiaobo Liu Co-authored-by: Bennet Bo Fenner --- crates/agent_ui/src/context.rs | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/crates/agent_ui/src/context.rs b/crates/agent_ui/src/context.rs index 2a1ff4a1d9d3e0bb6c8b128cf7f944e9ed3ff657..022f4e4d2ff4ce79aa17efce241b84f1a0640ae3 100644 --- a/crates/agent_ui/src/context.rs +++ b/crates/agent_ui/src/context.rs @@ -620,8 +620,18 @@ impl TextThreadContextHandle { impl Display for TextThreadContext { fn fmt(&self, f: &mut Formatter<'_>) -> fmt::Result { - // TODO: escape title? - writeln!(f, "", self.title)?; + write!(f, " write!(f, "&")?, + '<' => write!(f, "<")?, + '>' => write!(f, ">")?, + '"' => write!(f, """)?, + '\'' => write!(f, "'")?, + _ => write!(f, "{}", c)?, + } + } + writeln!(f, "\">")?; write!(f, "{}", self.text.trim())?; write!(f, "\n") }
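Review bot: The body is still written raw by the unchanged line `write!(f, "{}", self.text.trim())?;`, so only the title attribute is protected. If the consumer parses this output as XML, or treats the closing tag as the end of the context block, text containing `<` or `&` can still produce malformed output or end the element early. I would move the per-character match into a small private helper, for example `fn write_xml_escaped(f: &mut Formatter<'_>, s: &str) -> fmt::Result`, call it for the title, and either call it for the text too or add a comment such as `// text is intentionally emitted unescaped because …`. Inside that helper, `f.write_str("&amp;")` and `f.write_char(c)` avoid running the formatting machinery once per character, which the current `write!(f, "{}", c)?` arm does. The replacement string literals and the opening tag appear entity-decoded in this rendering, so I could not check them against the five characters listed in the description.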