What is the correct character escaping for workflow command values e.g. echo ::error::XXXX

I’m using the “echo” approach to add annotations to give errors for test failures. I’m including the error message from the test which could contain arbitrary characters, and I couldn’t see from https://help.github.com/en/actions/reference/workflow-commands-for-github-actions what kind of escaping I need to perform on the command value?

From hacking around it looks like colons are OK but there’s something special going on with % characters (e.g. %0A produces a newline), maybe I should be doing URL encoding? But it doesn’t seem like other URL chars are encoded, so I’m not sure. Would be great if someone could definitively confirm what encoding is needed for safely representing string as workflow command values
e.g.
echo “::error::This is a message with chars !*’();:@&=+$,/?# with %25 and %0A in it”

Hello – we’re trying to reproduce this on our end:

Are you able to share a copy of your workflow file?

If the repository is public, could you link that to us as well?

For more context, could you let us know what the expected behaviour of the workflow run is versus what is being outputted now?

Thank you!

Hi this isn’t a bug report so there’s nothing to repo really - I’m asking a question about how your API works so that I can make sure when I output a message using echo “::error::XXXXX" syntax the XXXXX shows up as I expect. Clearly there is some special handling for % escape sequences otherwise
echo “::error::This is a message with chars !*’();:@&=+$,/?# with %25 and %0A in it”
would result in a message containing “%25 and %0A” rather than what it actually does which is to convert %25 to a % and %0A to a newline. I don’t think that’s a bug, but I do what to know the specification for exactly what GitHub is doing with these strings as it’s not obvious. And because I don’t want to start relying on behaviour that is not officially supported. Thanks

Hi there, any input on this? Really need a definitive answer from GitHub on how this works, thanks.

1 Like

Hi, sorry for the delay.

The actions/toolkit has a way to sanitize an input into a string – could you give these commands a try?

2 Likes