fix: add configurable safe-outputs URL sanitization policy for code-region-safe suggestion handling by Copilot · Pull Request #39927 · github/gh-aw

Copilot · 2026-06-18T00:15:25Z

Safe-output URL sanitization is now policy-driven at the safe-outputs frontmatter level, so workflows can choose between strict URL sanitization everywhere and preserving URLs inside code regions (including GitHub suggestion fences) to avoid patch corruption.

Changes

New frontmatter field: safe-outputs.urls with supported values:
- allowed-only (default): sanitize URLs across all content regions
- allowed-or-code-region: sanitize prose while preserving fenced/inline code regions
sanitize_content_core.cjs / sanitize_content.cjs:
- Added policy-based URL sanitization flow
- Wired policy via GH_AW_SAFE_OUTPUTS_URLS
- Preserves suggestion/code-region payloads only when allowed-or-code-region is selected
Compiler and schema updates:
- Added safe-outputs.urls to workflow schema
- Added parsing, validation, and env propagation in safe-outputs compilation
Import/shared workflow support:
- Added safe-outputs merge behavior so urls policy is preserved through imported/shared agentic workflows
Tests:
- Updated sanitizer regression tests for both policy modes
- Added Go tests for policy validation, propagation, and import merge behavior

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>

…stion block corruption Safe-output URL sanitization (protocol filtering and domain filtering) now uses applyToNonCodeRegions so that content inside fenced code blocks — including GitHub suggestion blocks — is never rewritten. Previously, sanitizeUrlProtocols and sanitizeUrlDomains were applied to the full output string, which could corrupt apply-ready patch payloads inside ```suggestion fences (e.g. custom-protocol docs crosslinks). Fixes #39793 Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>

Copilot

Pull request overview

This PR fixes safe-output URL sanitization so it does not rewrite content inside fenced code blocks (including GitHub ```suggestion fences), preventing suggestion patch payload corruption while continuing to sanitize URLs in prose.

Changes:

Apply sanitizeUrlProtocols and sanitizeUrlDomains via applyToNonCodeRegions so fenced/inline code is preserved verbatim.
Add regression tests covering protocol and domain sanitization behavior for generic fenced blocks and suggestion blocks.
Adjust a header comment in the setup CLI install script.

Show a summary per file

File	Description
actions/setup/js/sanitize_content_core.cjs	Routes URL protocol/domain sanitization through `applyToNonCodeRegions` to avoid rewriting fenced code content.
actions/setup/js/sanitize_content.test.cjs	Adds regression tests ensuring code fences (including `suggestion`) are preserved while prose is still sanitized.
actions/setup-cli/install.sh	Updates a sync note comment (currently becomes self-referential; see review comment).

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Files reviewed: 3/3 changed files
Comments generated: 1

 set +o histexpand

-# Kept in sync with install-gh-aw.sh — edit that file, then copy to this path.
+# Kept in sync with actions/setup-cli/install.sh — edit this file, then copy to that path.


pelikhan · 2026-06-18T00:34:37Z

@lpcox review please

github-actions · 2026-06-18T05:49:13Z

@copilot review all comments and address unresolved review feedback.

Generated by 👨‍🍳 PR Sous Chef · ◷

github-actions · 2026-06-18T05:49:15Z

Please fix the self-referential sync note in actions/setup-cli/install.sh and push a follow-up commit.

Generated by 👨‍🍳 PR Sous Chef · ◷

github-actions · 2026-06-18T09:11:26Z

@copilot review all comments and address unresolved review feedback.

Please summarize the remaining blockers and next steps so this branch can move forward.

Generated by 👨‍🍳 PR Sous Chef · ◷

github-actions · 2026-06-18T14:41:52Z

@copilot review all comments and address unresolved review feedback.
Please confirm the fenced-code preservation test covers suggestion blocks.

Generated by 👨‍🍳 PR Sous Chef · ◷

github-actions · 2026-06-18T18:23:23Z

\n@copilot review all comments and address unresolved review feedback.\n\npr-sous-chef: fix the self-referential install.sh comment and reply to the unresolved review comment.

Generated by 👨‍🍳 PR Sous Chef · ◷

github-actions · 2026-06-19T00:22:56Z

@copilot review all comments and address unresolved review feedback.

Generated by 👨‍🍳 PR Sous Chef · 71.6 AIC · ⌖ 1 AIC · ⊞ 17.2K · ◷

github-actions · 2026-06-19T01:45:13Z

`
@copilot review all comments and address unresolved review feedback.

Generated by 👨‍🍳 PR Sous Chef · 27.1 AIC · ⌖ 1.07 AIC · ⊞ 17.2K · ◷

github-actions · 2026-06-19T01:45:14Z

`
Please summarize the remaining blocker and rerun the affected checks once the review thread is addressed.

Generated by 👨‍🍳 PR Sous Chef · 27.1 AIC · ⌖ 1.07 AIC · ⊞ 17.2K · ◷

pelikhan · 2026-06-19T01:54:35Z

@copilot add a front matter field to define the URL escaping policy at the safe-outputs level

safe-outputs:
urls: allowed-only, allowed-or-code-region

Current mode is "allowed-only", new mode for code region is "allowed-or-code-region"

Must support import shared agentic workflows

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>

Copilot · 2026-06-19T02:19:52Z

@copilot add a front matter field to define the URL escaping policy at the safe-outputs level

safe-outputs:...

Implemented in 33928f0 (plus follow-ups 521697f and 8ca74cb):

Added safe-outputs.urls with supported values allowed-only and allowed-or-code-region
Wired schema + frontmatter parsing + validation
Propagated policy to runtime via GH_AW_SAFE_OUTPUTS_URLS
Updated sanitizer behavior to honor policy
Added import-merge support so shared/imported agentic workflows carry this setting
Added regression tests for policy behavior

pelikhan · 2026-06-19T02:38:05Z

@copilot recompile

Copilot · 2026-06-19T02:47:22Z

@copilot recompile

Ran make recompile on this branch at 33928f0; it completed successfully and produced no diffs (working tree stayed clean).

github-actions · 2026-06-19T02:49:27Z

Generated by 👨‍🍳 PR Sous Chef · 42 AIC · ⌖ 1.36 AIC · ⊞ 17.2K · ◷

github-actions · 2026-06-19T02:49:28Z

``
@copilot review all comments and address unresolved review feedback.
Please re-run validation and reply with the updated result.

Generated by 👨‍🍳 PR Sous Chef · 42 AIC · ⌖ 1.36 AIC · ⊞ 17.2K · ◷

Initial plan

94a6a19

Copilot AI assigned Copilot and pelikhan Jun 18, 2026

Copilot started work on behalf of pelikhan June 18, 2026 00:19 View session

Copilot AI and others added 2 commits June 18, 2026 00:21

chore: plan URL sanitization fix for suggestion blocks

9dd901f

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>

Copilot AI changed the title ~~[WIP] Fix output sanitizer rewriting custom-protocol links~~ fix: preserve fenced code blocks during URL sanitization to prevent suggestion block corruption Jun 18, 2026

Copilot finished work on behalf of pelikhan June 18, 2026 00:26

Copilot AI requested a review from pelikhan June 18, 2026 00:26

pelikhan marked this pull request as ready for review June 18, 2026 00:27

Copilot AI review requested due to automatic review settings June 18, 2026 00:27

Copilot started reviewing on behalf of pelikhan June 18, 2026 00:27 View session

Copilot AI reviewed Jun 18, 2026

View reviewed changes

Comment thread actions/setup-cli/install.sh Outdated

set +o histexpand

# Kept in sync with install-gh-aw.sh — edit that file, then copy to this path.

# Kept in sync with actions/setup-cli/install.sh — edit this file, then copy to that path.

github-actions Bot mentioned this pull request Jun 18, 2026

[aw] No-Op Runs #39849

Open

Merge branch 'main' into copilot/fix-safe-output-sanitizer-issue

d3eb335

github-actions Bot mentioned this pull request Jun 18, 2026

[PR Triage Report] [PR Triage] Copilot Agent PR Queue — 2026-06-18 (Run #27762753975) #40066

Closed

github-actions Bot mentioned this pull request Jun 19, 2026

[Outcome Report] Workflow Health — 2026-06-19 #40184

Open

Copilot started work on behalf of pelikhan June 19, 2026 01:54 View session

Copilot AI and others added 2 commits June 19, 2026 02:09

feat: add safe-outputs urls sanitization policy

efa9f11

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>

docs: clarify default safe-outputs url policy behavior

8ca74cb

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>

Copilot AI and others added 2 commits June 19, 2026 02:16

refactor: reuse urls policy constants in sanitizer

521697f

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>

test: tighten default urls policy assertions

33928f0

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>

Copilot AI changed the title ~~fix: preserve fenced code blocks during URL sanitization to prevent suggestion block corruption~~ fix: add configurable safe-outputs URL sanitization policy for code-region-safe suggestion handling Jun 19, 2026

Copilot finished work on behalf of pelikhan June 19, 2026 02:20

Copilot started work on behalf of pelikhan June 19, 2026 02:38 View session

Copilot finished work on behalf of pelikhan June 19, 2026 02:47

pelikhan merged commit ea8a782 into main Jun 19, 2026
45 checks passed

pelikhan deleted the copilot/fix-safe-output-sanitizer-issue branch June 19, 2026 02:58

This was referenced Jun 19, 2026

Smoke Test: Copilot - 27803923499 #40214

Closed

[docs] Update glossary - daily scan #40289

Merged

Conversation

Copilot AI commented Jun 18, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Changes

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull request overview

Copilot's findings

Uh oh!

pelikhan commented Jun 18, 2026

Uh oh!

github-actions Bot commented Jun 18, 2026

Uh oh!

github-actions Bot commented Jun 18, 2026

Uh oh!

github-actions Bot commented Jun 18, 2026

Uh oh!

github-actions Bot commented Jun 18, 2026

Uh oh!

github-actions Bot commented Jun 18, 2026

Uh oh!

github-actions Bot commented Jun 19, 2026

Uh oh!

github-actions Bot commented Jun 19, 2026

Uh oh!

github-actions Bot commented Jun 19, 2026

Uh oh!

pelikhan commented Jun 19, 2026

Uh oh!

Copilot AI commented Jun 19, 2026

Uh oh!

pelikhan commented Jun 19, 2026

Uh oh!

Copilot AI commented Jun 19, 2026

Uh oh!

github-actions Bot commented Jun 19, 2026

Uh oh!

github-actions Bot commented Jun 19, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Copilot AI commented Jun 18, 2026 •

edited

Loading