aws · ashishrp-aws · Oct 9, 2025 · Oct 9, 2025 · Oct 9, 2025 · Oct 10, 2025
@@ -0,0 +1,46 @@
+import * as assert from 'assert'
+import { unescapeHtml } from './textFormatting'
+
+describe('textFormatting', () => {
+    describe('unescapeHtml', () => {
+        it('unescapes HTML entities', () => {
+            assert.strictEqual(unescapeHtml('&lt;div&gt;'), '<div>')
+            assert.strictEqual(unescapeHtml('&quot;hello&quot;'), '"hello"')
+            assert.strictEqual(unescapeHtml('&#39;world&#39;'), "'world'")
+            assert.strictEqual(unescapeHtml('foo &amp; bar'), 'foo & bar')
+        })
+
+        it('unescapes backslash-escaped angle brackets', () => {
+            assert.strictEqual(unescapeHtml('\\<tag\\>'), '<tag>')
+            assert.strictEqual(unescapeHtml('a \\< b \\> c'), 'a < b > c')
+        })
+
+        it('handles both HTML entities and backslash escaping together', () => {
+            const input = '[!@#$%^&amp;*()_+\\-=\\[\\]{}|;&#39;:&quot;,./\\<\\>?]'
+            const expected = '[!@#$%^&*()_+\\-=\\[\\]{}|;\':\",./<>?]'
+            assert.strictEqual(unescapeHtml(input), expected)
+        })
+
+        it('handles regex patterns with escaped characters', () => {
+            const input = "re.search(r'[!@#$%^&amp;*()_+\\-=\\[\\]{}|;&#39;:&quot;,./\\<\\>?]', password)"
+            const expected = "re.search(r'[!@#$%^&*()_+\\-=\\[\\]{}|;\':\",./<>?]', password)"
+            assert.strictEqual(unescapeHtml(input), expected)
+        })
+
+        it('returns unchanged text when no escaping is present', () => {
+            assert.strictEqual(unescapeHtml('hello world'), 'hello world')
+            assert.strictEqual(unescapeHtml('no special chars'), 'no special chars')
+        })
+
+        it('handles empty string', () => {
+            assert.strictEqual(unescapeHtml(''), '')
+        })
+
+        it('handles mixed content', () => {
+            assert.strictEqual(
+                unescapeHtml('Text with &lt;html&gt; and \\<escaped\\> brackets'),
+                'Text with <html> and <escaped> brackets'
+            )
+        })
+    })
+})
@@ -1,5 +1,29 @@
 import { ToolUse } from '@amzn/codewhisperer-streaming'
 
+/**
+ * Unescapes HTML entities and backslash-escaped angle brackets in a string.
+ * This reverses:
+ * 1. HTML escaping done by escape-html: " → &quot;, & → &amp;, ' → &#39;, < → &lt;, > → &gt;
+ * 2. Backslash escaping of angle brackets that may appear in the LLM response: \< → <, \> → >
+ */
+export function unescapeHtml(text: string): string {
+    const htmlEntities: Record<string, string> = {
+        '&amp;': '&',
+        '&lt;': '<',
+        '&gt;': '>',
+        '&quot;': '"',
+        '&#39;': "'",
+    }
+    // First unescape HTML entities
+    let result = text.replace(/&(?:amp|lt|gt|quot|#39);/g, match => htmlEntities[match] || match)
+
+    // Then unescape backslash-escaped angle brackets (but only when they appear as \< or \>)
+    // This handles cases where the LLM returns literal backslash-escaped angle brackets
+    result = result.replace(/\\</g, '<').replace(/\\>/g, '>')
+
+    return result
+}
+
 function codeBlocked(s: string) {
     const codeBlock = `\`\`\`\``
 

@@ -2,6 +2,7 @@ import { CommandValidation, ExplanatoryParams, InvokeOutput, requiresPathAccepta
 import { EmptyPathError, EmptyDiffsError, FileNotExistsError, TextNotFoundError, MultipleMatchesError } from '../errors'
 import { Features } from '@aws/language-server-runtimes/server-interface/server'
 import { sanitize } from '@aws/lsp-core/out/util/path'
+import { unescapeHtml } from '../textFormatting'
 import * as os from 'os'
 
 interface BaseParams extends ExplanatoryParams {
@@ -138,9 +139,13 @@ const getReplaceContent = (params: ReplaceParams, fileContent: string) => {
             continue
         }
 
+        // Unescape HTML entities in oldStr since the prompt was HTML-escaped before being sent to LLM
+        const unescapedOldStr = unescapeHtml(diff.oldStr)
+        const unescapedNewStr = unescapeHtml(diff.newStr)
+
         // Normalize oldStr and newStr to match fileContent's line ending style
-        const normalizedOldStr = diff.oldStr.split(/\r\n|\r|\n/).join(lineEnding)
-        const normalizedNewStr = diff.newStr.split(/\r\n|\r|\n/).join(lineEnding)
+        const normalizedOldStr = unescapedOldStr.split(/\r\n|\r|\n/).join(lineEnding)
+        const normalizedNewStr = unescapedNewStr.split(/\r\n|\r|\n/).join(lineEnding)
 
         // Use string indexOf and substring for safer replacement with special characters
         const startIndex = fileContent.indexOf(normalizedOldStr)