Fix escaping of interpolated arguments in markup#2118
Merged
patriksvensson merged 1 commit intoMay 12, 2026
Merged
Conversation
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
GrantTotinov
force-pushed
the
fix-1763-escape-interpolated
branch
from
f59f08e to
fa2b54d
Compare
This was referenced Jun 11, 2026
This was referenced Jun 15, 2026
agocke
pushed a commit
to serdedotnet/serde.cmdline
that referenced
this pull request
Jun 15, 2026
Updated [Spectre.Console](https://github.com/spectreconsole/spectre.console) from 0.55.0 to 0.57.0. <details> <summary>Release notes</summary> _Sourced from [Spectre.Console's releases](https://github.com/spectreconsole/spectre.console/releases)._ ## 0.57.0 ## What's Changed * Make source generator output deterministic (LF, no BOM) by [@phil-scott-78](https://github.com/phil-scott-78) in [#2143](spectreconsole/spectre.console#2143) * Add new box border styles including beveled, dashed, dotted, heavy, and rounded variants by [@phil-scott-78](https://github.com/phil-scott-78) in [#2142](spectreconsole/spectre.console#2142) * Should preserve auto links when wrapped in grid by [@patriksvensson](https://github.com/patriksvensson) in [#2149](spectreconsole/spectre.console#2149) **Full Changelog**: spectreconsole/spectre.console@0.56.0...0.57.0 ## 0.56.0 ## What's Changed * Ensure redirected output works as expected by [@patriksvensson](https://github.com/patriksvensson) in [#2098](spectreconsole/spectre.console#2098) * Add missing text prompt suffix by [@merklegroot](https://github.com/merklegroot) in [#2102](spectreconsole/spectre.console#2102) * Fix Align measure to respect explicitly set width by [@GrantTotinov](https://github.com/GrantTotinov) in [#2101](spectreconsole/spectre.console#2101) * Option to exclude vertical padding for live progress renderer by [@james-newell-forge](https://github.com/james-newell-forge) in [#2100](spectreconsole/spectre.console#2100) * Don't emit ANSI sequence for 0 movement by [@merklegroot](https://github.com/merklegroot) in [#2104](spectreconsole/spectre.console#2104) * ConfirmationPrompt: Allow submission without Enter key by [@patriksvensson](https://github.com/patriksvensson) in [#2111](spectreconsole/spectre.console#2111) * Add two new layout modes for FigletText by [@patriksvensson](https://github.com/patriksvensson) in [#2066](spectreconsole/spectre.console#2066) * Fix escaping of interpolated arguments in markup by [@GrantTotinov](https://github.com/GrantTotinov) in [#2118](spectreconsole/spectre.console#2118) * Allow validation chaining by [@AntekOlszewski](https://github.com/AntekOlszewski) in [#2116](spectreconsole/spectre.console#2116) * Fix grid regression where expansion did not work by [@patriksvensson](https://github.com/patriksvensson) in [#2127](spectreconsole/spectre.console#2127) * Preserve links in segments by [@patriksvensson](https://github.com/patriksvensson) in [#2135](spectreconsole/spectre.console#2135) ## New Contributors * [@merklegroot](https://github.com/merklegroot) made their first contribution in [#2102](spectreconsole/spectre.console#2102) * [@GrantTotinov](https://github.com/GrantTotinov) made their first contribution in [#2101](spectreconsole/spectre.console#2101) * [@james-newell-forge](https://github.com/james-newell-forge) made their first contribution in [#2100](spectreconsole/spectre.console#2100) **Full Changelog**: spectreconsole/spectre.console@0.55.2...0.56.0 ## 0.55.2 ## What's Changed * Support variation selectors, ZWJ sequences and surrogate pairs in length calculation by @fabsenet in spectreconsole/spectre.console#2082 * Add default value to selection prompt and multiselection prompt by @AntekOlszewski in spectreconsole/spectre.console#2079 ## New Contributors * @fabsenet made their first contribution in spectreconsole/spectre.console#2082 **Full Changelog**: spectreconsole/spectre.console@0.55.1...0.55.2 ## 0.55.1 ## What's Changed * Add tests to verify public API by @patriksvensson in spectreconsole/spectre.console#2073 * use StringComparer.OrdinalIgnoreCase as default comparer for TextPrompt by @AntekOlszewski in spectreconsole/spectre.console#2077 * Fix markup link rendering regression by @patriksvensson in spectreconsole/spectre.console#2084 * Add VS16 suffix to non-presentation emojis by @patriksvensson in spectreconsole/spectre.console#2087 * Ensure rendered exceptions take up minimal space by @patriksvensson in spectreconsole/spectre.console#2089 * Fix link parsing to terminate properly by @zhuman in spectreconsole/spectre.console#2091 ## New Contributors * @zhuman made their first contribution in spectreconsole/spectre.console#2091 **Full Changelog**: spectreconsole/spectre.console@0.55.0...0.55.1 Commits viewable in [compare view](spectreconsole/spectre.console@0.55.0...0.57.0). </details> Updated [Spectre.Console.Testing](https://github.com/spectreconsole/spectre.console) from 0.55.0 to 0.57.0. <details> <summary>Release notes</summary> _Sourced from [Spectre.Console.Testing's releases](https://github.com/spectreconsole/spectre.console/releases)._ ## 0.57.0 ## What's Changed * Make source generator output deterministic (LF, no BOM) by [@phil-scott-78](https://github.com/phil-scott-78) in [#2143](spectreconsole/spectre.console#2143) * Add new box border styles including beveled, dashed, dotted, heavy, and rounded variants by [@phil-scott-78](https://github.com/phil-scott-78) in [#2142](spectreconsole/spectre.console#2142) * Should preserve auto links when wrapped in grid by [@patriksvensson](https://github.com/patriksvensson) in [#2149](spectreconsole/spectre.console#2149) **Full Changelog**: spectreconsole/spectre.console@0.56.0...0.57.0 ## 0.56.0 ## What's Changed * Ensure redirected output works as expected by [@patriksvensson](https://github.com/patriksvensson) in [#2098](spectreconsole/spectre.console#2098) * Add missing text prompt suffix by [@merklegroot](https://github.com/merklegroot) in [#2102](spectreconsole/spectre.console#2102) * Fix Align measure to respect explicitly set width by [@GrantTotinov](https://github.com/GrantTotinov) in [#2101](spectreconsole/spectre.console#2101) * Option to exclude vertical padding for live progress renderer by [@james-newell-forge](https://github.com/james-newell-forge) in [#2100](spectreconsole/spectre.console#2100) * Don't emit ANSI sequence for 0 movement by [@merklegroot](https://github.com/merklegroot) in [#2104](spectreconsole/spectre.console#2104) * ConfirmationPrompt: Allow submission without Enter key by [@patriksvensson](https://github.com/patriksvensson) in [#2111](spectreconsole/spectre.console#2111) * Add two new layout modes for FigletText by [@patriksvensson](https://github.com/patriksvensson) in [#2066](spectreconsole/spectre.console#2066) * Fix escaping of interpolated arguments in markup by [@GrantTotinov](https://github.com/GrantTotinov) in [#2118](spectreconsole/spectre.console#2118) * Allow validation chaining by [@AntekOlszewski](https://github.com/AntekOlszewski) in [#2116](spectreconsole/spectre.console#2116) * Fix grid regression where expansion did not work by [@patriksvensson](https://github.com/patriksvensson) in [#2127](spectreconsole/spectre.console#2127) * Preserve links in segments by [@patriksvensson](https://github.com/patriksvensson) in [#2135](spectreconsole/spectre.console#2135) ## New Contributors * [@merklegroot](https://github.com/merklegroot) made their first contribution in [#2102](spectreconsole/spectre.console#2102) * [@GrantTotinov](https://github.com/GrantTotinov) made their first contribution in [#2101](spectreconsole/spectre.console#2101) * [@james-newell-forge](https://github.com/james-newell-forge) made their first contribution in [#2100](spectreconsole/spectre.console#2100) **Full Changelog**: spectreconsole/spectre.console@0.55.2...0.56.0 ## 0.55.2 ## What's Changed * Support variation selectors, ZWJ sequences and surrogate pairs in length calculation by @fabsenet in spectreconsole/spectre.console#2082 * Add default value to selection prompt and multiselection prompt by @AntekOlszewski in spectreconsole/spectre.console#2079 ## New Contributors * @fabsenet made their first contribution in spectreconsole/spectre.console#2082 **Full Changelog**: spectreconsole/spectre.console@0.55.1...0.55.2 ## 0.55.1 ## What's Changed * Add tests to verify public API by @patriksvensson in spectreconsole/spectre.console#2073 * use StringComparer.OrdinalIgnoreCase as default comparer for TextPrompt by @AntekOlszewski in spectreconsole/spectre.console#2077 * Fix markup link rendering regression by @patriksvensson in spectreconsole/spectre.console#2084 * Add VS16 suffix to non-presentation emojis by @patriksvensson in spectreconsole/spectre.console#2087 * Ensure rendered exceptions take up minimal space by @patriksvensson in spectreconsole/spectre.console#2089 * Fix link parsing to terminate properly by @zhuman in spectreconsole/spectre.console#2091 ## New Contributors * @zhuman made their first contribution in spectreconsole/spectre.console#2091 **Full Changelog**: spectreconsole/spectre.console@0.55.0...0.55.1 Commits viewable in [compare view](spectreconsole/spectre.console@0.55.0...0.57.0). </details> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This was referenced Jun 15, 2026
Closed
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes #1763
Changes
Previously, only string arguments were escaped in
Markup.EscapeInterpolated.This caused runtime crashes when non-string objects were interpolated and their
ToString()output contained markup-sensitive characters (e.g. square brackets), which were then interpreted as markup.This change ensures that all interpolated arguments are consistently converted to string and escaped before formatting, preventing unintended markup parsing and runtime exceptions.
A regression test was added for objects whose
ToString()contains square brackets.Please upvote 👍 this pull request if you are interested in it.