decodeHtmlEntities decoded numeric entities with String.fromCodePoint(parseInt(...)) without a range check, so an out-of-range entity such as � or � threw RangeError and made the whole results page fail to parse. Validate the code point is within 0..0x10FFFF and keep the original entity text otherwise. Add a regression covering decimal and hex out-of-range entities plus a valid astral entity.
* fix(duckduckgo): decode & last in decodeHtmlEntities to avoid double-decoding
decodeHtmlEntities decoded & FIRST, so result text that literally contains
an entity (e.g. a page title 'How to escape < in HTML', which DuckDuckGo
returns double-encoded as '&lt;') was re-decoded into markup: '&lt;'
became '<' instead of the literal '<', corrupting the titles, snippets, and
URLs the web-search tool returns to the model.
Reorder so & is decoded last, matching the established convention elsewhere
in the codebase (msteams/inbound.ts, openai-transport-stream.ts,
launchd-plist.ts, doctor-session-snapshots.ts all decode & last).
Behavior-preserving for all singly-encoded input.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
* fix(duckduckgo): decode html entities in one pass
---------
Co-authored-by: ly-wang19 <ly-wang19@users.noreply.github.com>
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>