github-starred/open-webui
2
0
Fork 0
mirror of https://github.com/open-webui/open-webui.git synced 2026-05-06 19:08:59 -05:00
Code Issues 1.3k Packages Projects Releases 126 Wiki Activity

[GH-ISSUE #19101] issue: RAG template query placeholder escaping logic error #57439

New Issue
Closed
opened 2026-05-05 20:56:19 -05:00 by GiteaMirror · 1 comment
GiteaMirror commented 2026-05-05 20:56:19 -05:00
Owner
Copy Link

Originally created by @matiboux on GitHub (Nov 11, 2025).
Original GitHub issue: https://github.com/open-webui/open-webui/issues/19101

Check Existing Issues

  • I have searched for any existing and/or related issues.
  • I have searched for any existing and/or related discussions.
  • I have also searched in the CLOSED issues AND CLOSED discussions and found no related items (your issue might already be addressed on the development branch!).
  • I am using the latest version of Open WebUI.

Installation Method

Git Clone

Open WebUI Version

v0.6.36

Ollama Version (if applicable)

No response

Operating System

Ubuntu 24.04 LTS (WSL2)

Browser (if applicable)

No response

Confirmation

  • I have read and followed all instructions in README.md.
  • I am using the latest version of both Open WebUI and Ollama.
  • I have included the browser console logs.
  • I have included the Docker container logs.
  • I have provided every relevant configuration, setting, and environment variable used in my setup.
  • I have clearly listed every relevant configuration, custom setting, environment variable, and command-line option that influences my setup (such as Docker Compose overrides, .env values, browser settings, authentication configurations, etc).
  • I have documented step-by-step reproduction instructions that are precise, sequential, and leave nothing to interpretation. My steps:
  • Start with the initial platform/version/OS and dependencies used,
  • Specify exact install/launch/configure commands,
  • List URLs visited, user input (incl. example values/emails/passwords if needed),
  • Describe all options and toggles enabled or changed,
  • Include any files or environmental changes,
  • Identify the expected and actual result at each stage,
  • Ensure any reasonably skilled user can follow and hit the same issue.

Expected Behavior

When a RAG context (from tool results or otherwise) contains the string "{{QUERY}}" or "[query]", then the RAG template formatting is expected to escape these occurrences and use its own unique query placeholder string, ensuring it does not modify or replace the context's original content.

Actual Behavior

When a RAG context (from tool results or otherwise) contains the string "{{QUERY}}" or "[query]", then RAG template formatting:

  • Replaces its query placeholder with a new unique string.
  • Replaces occurrences of the new unique string with the query as intended.
  • Additionally, replaces all original "{{QUERY}}" and "[query]" placeholders in the context, unintentionally altering the context's original content and not respecting expected escaping.

Steps to Reproduce

  1. Start Ubuntu 24.04 LTS in WSL2.
  2. Set up Open WebUI according to documentation:
    • In one terminal: npm run dev to start the frontend.
    • In another terminal: run sh dev.sh from the backend/ directory to start the backend.
  3. In parallel, start a custom API that proxies OpenAI-compatible requests from the /chat/completions endpoint to a real OpenAI-compatible API, and whose only other role is to print out:
    • All request parameters
    • System and user messages
  4. In the Open WebUI interface, create the admin user.
  5. Update connection settings in admin panel to use the custom OpenAI-compatible proxy API.
  6. In Workspace, create a new tool using the default provided code.
  7. Update the tool code get_current_time method to return a string containing {{QUERY}} and/or [query]: 
    return f"{{{{QUERY}}}} [query] Current Date and Time = {current_date}, {current_time}"
  8. Create a new chat with any model and enable the tool just created.
  9. Type (or ask): "What time is it?"
  10. Inspect the printout in the custom API terminal window: observe that placeholders are unintentionally replaced in the context's content.

Note: Alternatively, you could add logs in the backend to print the request parameters, but using a custom API ensures backend code is untouched for this test.

Logs & Screenshots

Below is actual output from the custom API proxy used during testing. This show the unexpected substitution of the query placeholder in the context's original content, not respecting the intended escaping.

LLM Chat Query:

Messages since the last assistant response:
- user
```
### Task:
Respond to the user query using the provided context, incorporating inline citations in the format [id] **only when the <source> tag includes an explicit id attribute** (e.g., <source id="1">).

### Guidelines:
- If you don't know the answer, clearly state that.
- If uncertain, ask the user for clarification.
- Respond in the same language as the user's query.
- If the context is unreadable or of poor quality, inform the user and provide the best possible answer.
- If the answer isn't present in the context but you possess the knowledge, explain this to the user and provide the answer using your own understanding.
- **Only include inline citations using [id] (e.g., [1], [2]) when the <source> tag includes an id attribute.**
- Do not cite if the <source> tag does not contain an id attribute.
- Do not use XML tags in your response.
- Ensure citations are concise and directly related to the information provided.

### Example of Citation:
If the user asks about a specific topic and the information is found in a source with a provided id attribute, the response should include the citation like in the following example:
* "According to the study, the proposed method increases efficiency by 20% [1]."

### Output:
Provide a clear and direct response to the user's query, including inline citations in the format [id] only when the <source> tag with id attribute is present in the context.

<context>
<source id="1" name="test/get_current_time">what time is it? what time is it? Current Date and Time = Tuesday, November 11, 2025, 02:00:02 AM</source>
</context>

<user_query>
what time is it?
</user_query>

what time is it?

Tool `test/get_current_time` Output: {{QUERY}} [query] Current Date and Time = Tuesday, November 11, 2025, 02:00:02 AM
```

Additional Information

Related code responsible for the escaping faulty logic:

e0d5de1697/backend/open_webui/utils/task.py (L207-L224)

I will create a PR to attempt to resolve this issue.

Note: The context duplication issue you may have noticed in the LLM Chat Query user message is related to issue #19098 and is not addressed in the current issue.

Originally created by @matiboux on GitHub (Nov 11, 2025). Original GitHub issue: https://github.com/open-webui/open-webui/issues/19101 ### Check Existing Issues - [x] I have searched for any existing and/or related issues. - [x] I have searched for any existing and/or related discussions. - [x] I have also searched in the CLOSED issues AND CLOSED discussions and found no related items (your issue might already be addressed on the development branch!). - [x] I am using the latest version of Open WebUI. ### Installation Method Git Clone ### Open WebUI Version v0.6.36 ### Ollama Version (if applicable) _No response_ ### Operating System Ubuntu 24.04 LTS (WSL2) ### Browser (if applicable) _No response_ ### Confirmation - [x] I have read and followed all instructions in `README.md`. - [x] I am using the latest version of **both** Open WebUI and Ollama. - [x] I have included the browser console logs. - [x] I have included the Docker container logs. - [x] I have **provided every relevant configuration, setting, and environment variable used in my setup.** - [x] I have clearly **listed every relevant configuration, custom setting, environment variable, and command-line option that influences my setup** (such as Docker Compose overrides, .env values, browser settings, authentication configurations, etc). - [x] I have documented **step-by-step reproduction instructions that are precise, sequential, and leave nothing to interpretation**. My steps: - Start with the initial platform/version/OS and dependencies used, - Specify exact install/launch/configure commands, - List URLs visited, user input (incl. example values/emails/passwords if needed), - Describe all options and toggles enabled or changed, - Include any files or environmental changes, - Identify the expected and actual result at each stage, - Ensure any reasonably skilled user can follow and hit the same issue. ### Expected Behavior When a RAG context (from tool results or otherwise) contains the string "{{QUERY}}" or "[query]", then the RAG template formatting is expected to escape these occurrences and use its own unique query placeholder string, ensuring it does not modify or replace the context's original content. ### Actual Behavior When a RAG context (from tool results or otherwise) contains the string "{{QUERY}}" or "[query]", then RAG template formatting: - Replaces its query placeholder with a new unique string. - Replaces occurrences of the new unique string with the query as intended. - Additionally, replaces all original "{{QUERY}}" and "[query]" placeholders in the context, unintentionally altering the context's original content and not respecting expected escaping. ### Steps to Reproduce 1. Start Ubuntu 24.04 LTS in WSL2. 2. Set up Open WebUI according to documentation: - In one terminal: `npm run dev` to start the frontend. - In another terminal: run `sh dev.sh` from the `backend/` directory to start the backend. 3. In parallel, start a custom API that proxies OpenAI-compatible requests from the `/chat/completions` endpoint to a real OpenAI-compatible API, and whose only other role is to print out: - All request parameters - System and user messages 4. In the Open WebUI interface, create the admin user. 5. Update connection settings in admin panel to use the custom OpenAI-compatible proxy API. 6. In Workspace, create a new tool using the default provided code. 7. Update the tool code `get_current_time` method to return a string containing `{{QUERY}}` and/or `[query]`: ```python return f"{{{{QUERY}}}} [query] Current Date and Time = {current_date}, {current_time}" ``` 7. Create a new chat with any model and enable the tool just created. 9. Type (or ask): "What time is it?" 10. Inspect the printout in the custom API terminal window: observe that placeholders are unintentionally replaced in the context's content. Note: Alternatively, you could add logs in the backend to print the request parameters, but using a custom API ensures backend code is untouched for this test. ### Logs & Screenshots Below is actual output from the custom API proxy used during testing. This show the unexpected substitution of the query placeholder in the context's original content, not respecting the intended escaping. **LLM Chat Query:** ````` Messages since the last assistant response: - user ``` ### Task: Respond to the user query using the provided context, incorporating inline citations in the format [id] **only when the <source> tag includes an explicit id attribute** (e.g., <source id="1">). ### Guidelines: - If you don't know the answer, clearly state that. - If uncertain, ask the user for clarification. - Respond in the same language as the user's query. - If the context is unreadable or of poor quality, inform the user and provide the best possible answer. - If the answer isn't present in the context but you possess the knowledge, explain this to the user and provide the answer using your own understanding. - **Only include inline citations using [id] (e.g., [1], [2]) when the <source> tag includes an id attribute.** - Do not cite if the <source> tag does not contain an id attribute. - Do not use XML tags in your response. - Ensure citations are concise and directly related to the information provided. ### Example of Citation: If the user asks about a specific topic and the information is found in a source with a provided id attribute, the response should include the citation like in the following example: * "According to the study, the proposed method increases efficiency by 20% [1]." ### Output: Provide a clear and direct response to the user's query, including inline citations in the format [id] only when the <source> tag with id attribute is present in the context. <context> <source id="1" name="test/get_current_time">what time is it? what time is it? Current Date and Time = Tuesday, November 11, 2025, 02:00:02 AM</source> </context> <user_query> what time is it? </user_query> what time is it? Tool `test/get_current_time` Output: {{QUERY}} [query] Current Date and Time = Tuesday, November 11, 2025, 02:00:02 AM ``` ````` ### Additional Information Related code responsible for the escaping faulty logic: https://github.com/open-webui/open-webui/blob/e0d5de16978786b8a7538adf1efcde5258f38faf/backend/open_webui/utils/task.py#L207-L224 I will create a PR to attempt to resolve this issue. Note: The context duplication issue you may have noticed in the LLM Chat Query user message is related to issue #19098 and is not addressed in the current issue.
GiteaMirror added the bug label 2026-05-05 20:56:19 -05:00
GiteaMirror commented 2026-05-05 20:56:21 -05:00
Author
Owner
Copy Link

@tjbck commented on GitHub (Nov 11, 2025):

Good catch, should be addressed in dev, testing wanted here.

<!-- gh-comment-id:3515017767 --> @tjbck commented on GitHub (Nov 11, 2025): Good catch, should be addressed in dev, testing wanted here.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
confirmed
confirmed issue
core
documentation
enhancement
good first issue
help wanted
non-core
pull-request
Mirrored from GitHub Pull Request
 python
question
testing wanted
No Label bug
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/open-webui#57439
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?