From dbb24fec77d10e99ff270e67ae384083f6b19c78 Mon Sep 17 00:00:00 2001
From: hanishkvc <hanishkvc@gmail.com>
Date: Fri, 24 Oct 2025 03:00:09 +0530
Subject: [PATCH] SimpleChatTC:ToolResponse: Use browser dom for xml/html safe

Instead of simple concatenating of tool call id, name and result
now use browser's dom logic to create the xml structure used for
now to store these within content field.

This should take care of transforming / escaping any xml special
chars in the result, so that extracting them later for putting
into different fields in the server handshake doesnt have any
problem.
---
 tools/server/public_simplechat/simplechat.js | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/tools/server/public_simplechat/simplechat.js b/tools/server/public_simplechat/simplechat.js
index cdaf47bcd1..6f4d55940c 100644
--- a/tools/server/public_simplechat/simplechat.js
+++ b/tools/server/public_simplechat/simplechat.js
@@ -79,12 +79,21 @@ class ChatMessageEx {
 
     /**
      * Create a all in one tool call result string
+     * Use browser's dom logic to handle strings in a xml/html safe way by escaping things where needed,
+     * so that extracting the same later doesnt create any problems.
      * @param {string} toolCallId
      * @param {string} toolName
      * @param {string} toolResult
      */
     static createToolCallResultAllInOne(toolCallId, toolName, toolResult) {
-        return `<tool_response> <id>${toolCallId}</id> <name>${toolName}</name> <content>${toolResult}</content> </tool_response>`;
+        let dp = new DOMParser()
+        let doc = dp.parseFromString("<tool_response></tool_response>", "text/xml")
+        for (const k of [["id", toolCallId], ["name", toolName], ["content", toolResult]]) {
+            let el = doc.createElement(k[0])
+            el.appendChild(doc.createTextNode(k[1]))
+            doc.documentElement.appendChild(el)
+        }
+        return new XMLSerializer().serializeToString(doc);
     }
 
     /**