Skip to content

Sanitize Tags Unicode Block at prompt level #4047

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
amed-xyz merged 2 commits into from
Aug 15, 2025
Merged

Sanitize Tags Unicode Block at prompt level #4047

amed-xyz merged 2 commits into from
Aug 15, 2025

Conversation

@amed-xyz
Copy link
Collaborator

@amed-xyz amed-xyz commented Aug 12, 2025
edited
Loading

Follow up from

Adds sanitization at prompt level to detect and remove invisible Unicode Tags characters that could be used by malicious actors through Recipes, Extensions or custom prompts.

@amed-xyz amed-xyz self-assigned this Aug 12, 2025
@amed-xyz amed-xyz changed the title sanitize prompt Sanitize Tags Unicode Block at prompt level Aug 12, 2025
@amed-xyz amed-xyz force-pushed the amed/sanitize-prompt-level branch from 08382b8 to 464306c Compare August 14, 2025 18:09
@amed-xyz amed-xyz force-pushed the amed/sanitize-prompt-level branch from 464306c to 5fdefcd Compare August 14, 2025 22:16
@amed-xyz amed-xyz merged commit 6e022a9 into main Aug 15, 2025
10 checks passed
@amed-xyz amed-xyz deleted the amed/sanitize-prompt-level branch August 15, 2025 16:12
@amed-xyz amed-xyz mentioned this pull request Aug 15, 2025
Merged
zanesq added a commit that referenced this pull request Aug 15, 2025
@zanesq
Merge branch 'main' of github.com:block/goose into zane/upgrade-npm-p…
62ce9b4 
…ackages

* 'main' of github.com:block/goose:
  feat: iterating on summarize oneshot prompt (#4113)
  feat(mcp): Persist OAuth credentials to keyring (#4007)
  Sanitize Tags Unicode Block at prompt level (#4047)
  Fixing typos (#4114)
jsibbison-square added a commit that referenced this pull request Aug 18, 2025
@jsibbison-square
Merge remote-tracking branch 'origin/main' into jsibbison-20250811-to…
18b2d76 
…ol-visibility

* origin/main: (26 commits)
  feat: adds cursor-agent as a cli provider (#4101)
  chore: remove vector search tool selection strategy (#3933)
  docs: add streamable_http install links (#4130)
  feat: iterating on summarize oneshot prompt (#4113)
  feat(mcp): Persist OAuth credentials to keyring (#4007)
  Sanitize Tags Unicode Block at prompt level (#4047)
  Fixing typos (#4114)
  chore(release): release version 1.4.0 (#4069)
  E2E tests working again (#4103)
  chore: Delete ARCHITECTURE.md (#4108)
  Add Youtube short to Kiwi MCP tutorial (#4107)
  docs: fix experimental warning (#4102)
  fix not being able to add spaces to activity message area (#4055)
  remove and cleanup unused code (#4074)
  docs: Add missing references to smart_approve mode. (#4094)
  quick typo fix pulse blog (#4095)
  fix: update dictation settings handling and improve user feedback (#4093)
  chore: add info tooltip to share session button (#4038)
  Reroute routes (#4088)
  fix(cli): fix compiling issue on windows system by adding a missing param (#4019)
  ...
This was referenced Aug 18, 2025
Closed
Merged
katzdave added a commit that referenced this pull request Aug 18, 2025
@katzdave
Merge branch 'main' of github.com:block/goose into dkatz/auto-compact…
e261482 
…-messaging

* 'main' of github.com:block/goose: (26 commits)
  fix: consistent font sizing in ToolCallWithResponse (#4167)
  Temporarily disable TODO Tool (#4158)
  docs: add integrated MCP server config to jetbrains tutorial  (#4120)
  docs: remove figma MCP from suggested servers (#4123)
  Blog: The AI Skeptic’s Guide to Context Windows (#4152)
  Docs: Auto-compact context (#4116)
  chore(deps): bump brace-expansion from 1.1.11 to 1.1.12 in /documentation (#4149)
  Recipe config to limit tool availability (#4020)
  docs: fix warning message (#4148)
  feat: adds cursor-agent as a cli provider (#4101)
  chore: remove vector search tool selection strategy (#3933)
  docs: add streamable_http install links (#4130)
  feat: iterating on summarize oneshot prompt (#4113)
  feat(mcp): Persist OAuth credentials to keyring (#4007)
  Sanitize Tags Unicode Block at prompt level (#4047)
  Fixing typos (#4114)
  chore(release): release version 1.4.0 (#4069)
  E2E tests working again (#4103)
  chore: Delete ARCHITECTURE.md (#4108)
  Add Youtube short to Kiwi MCP tutorial (#4107)
  ...
michaelneale added a commit that referenced this pull request Aug 19, 2025
@michaelneale
Merge branch 'main' into micn/hi-viz-autovisualiser
eb9d1f9 
* main: (67 commits)
  blog: Transforming AI Assistance with Goose Mentor Mode (#4151)
  upgraded all npm packages and fixed related issues (#4072)
  Docs: @-mentions in goosehints (#4171)
  fix: consistent font sizing in ToolCallWithResponse (#4167)
  Temporarily disable TODO Tool (#4158)
  docs: add integrated MCP server config to jetbrains tutorial  (#4120)
  docs: remove figma MCP from suggested servers (#4123)
  Blog: The AI Skeptic’s Guide to Context Windows (#4152)
  Docs: Auto-compact context (#4116)
  chore(deps): bump brace-expansion from 1.1.11 to 1.1.12 in /documentation (#4149)
  Recipe config to limit tool availability (#4020)
  docs: fix warning message (#4148)
  feat: adds cursor-agent as a cli provider (#4101)
  chore: remove vector search tool selection strategy (#3933)
  docs: add streamable_http install links (#4130)
  feat: iterating on summarize oneshot prompt (#4113)
  feat(mcp): Persist OAuth credentials to keyring (#4007)
  Sanitize Tags Unicode Block at prompt level (#4047)
  Fixing typos (#4114)
  chore(release): release version 1.4.0 (#4069)
  ...
michaelneale added a commit that referenced this pull request Aug 19, 2025
@michaelneale
Merge branch 'main' into micn/multi-model-multi-provider-autopilot
a74ec94 
* main: (67 commits)
  blog: Transforming AI Assistance with Goose Mentor Mode (#4151)
  upgraded all npm packages and fixed related issues (#4072)
  Docs: @-mentions in goosehints (#4171)
  fix: consistent font sizing in ToolCallWithResponse (#4167)
  Temporarily disable TODO Tool (#4158)
  docs: add integrated MCP server config to jetbrains tutorial  (#4120)
  docs: remove figma MCP from suggested servers (#4123)
  Blog: The AI Skeptic’s Guide to Context Windows (#4152)
  Docs: Auto-compact context (#4116)
  chore(deps): bump brace-expansion from 1.1.11 to 1.1.12 in /documentation (#4149)
  Recipe config to limit tool availability (#4020)
  docs: fix warning message (#4148)
  feat: adds cursor-agent as a cli provider (#4101)
  chore: remove vector search tool selection strategy (#3933)
  docs: add streamable_http install links (#4130)
  feat: iterating on summarize oneshot prompt (#4113)
  feat(mcp): Persist OAuth credentials to keyring (#4007)
  Sanitize Tags Unicode Block at prompt level (#4047)
  Fixing typos (#4114)
  chore(release): release version 1.4.0 (#4069)
  ...
ayax79 pushed a commit to ayax79/goose that referenced this pull request Aug 21, 2025
@amed-xyz
Sanitize Tags Unicode Block at prompt level (block#4047)
cb71e1e 
Signed-off-by: Jack Wright <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alexhancock alexhancock alexhancock approved these changes

Assignees

@amed-xyz amed-xyz

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@amed-xyz @alexhancock