FIX: we must properly encode objects prior to escaping (#891)

in cases of arrays escapeHTML will not work)

*

Author: SamSaffron

lib/completions/anthropic_message_processor.rb

@@ -39,7 +39,8 @@ def to_xml_tool_calls(function_buffer)
         )
 
       params = JSON.parse(tool_call.raw_json, symbolize_names: true)
-      xml = params.map { |name, value| "<#{name}>#{CGI.escapeHTML(value)}</#{name}>" }.join("\n")
+      xml =
+        params.map { |name, value| "<#{name}>#{CGI.escapeHTML(value.to_s)}</#{name}>" }.join("\n")
 
       node.at("tool_name").content = tool_call.name
       node.at("tool_id").content = tool_call.id

lib/completions/endpoints/gemini.rb

@@ -179,7 +179,7 @@ def add_to_function_buffer(function_buffer, payload: nil, partial: nil)
           if partial[:args]
             argument_fragments =
               partial[:args].reduce(+"") do |memo, (arg_name, value)|
-                memo << "\n<#{arg_name}>#{CGI.escapeHTML(value)}</#{arg_name}>"
+                memo << "\n<#{arg_name}>#{CGI.escapeHTML(value.to_s)}</#{arg_name}>"
               end
             argument_fragments << "\n"
 

lib/completions/endpoints/open_ai.rb

@@ -173,7 +173,7 @@ def add_to_function_buffer(function_buffer, partial: nil, payload: nil)
 
               argument_fragments =
                 json_args.reduce(+"") do |memo, (arg_name, value)|
-                  memo << "\n<#{arg_name}>#{CGI.escapeHTML(value)}</#{arg_name}>"
+                  memo << "\n<#{arg_name}>#{CGI.escapeHTML(value.to_s)}</#{arg_name}>"
                 end
               argument_fragments << "\n"