How to handle user input with code snippets when sending to Mistral in n8n?

The practical way to handle user input that contains code snippets (like HTML, JS, Python, etc.) when sending it to Mistral in n8n is: never try to escape or preprocess the code yourself inside n8n. Instead, send the raw text as-is in the JSON body of the HTTP Request node (or Mistral node if you use the official integration), and wrap the text in triple backticks inside your prompt. n8n will not break or alter the code unless you accidentally use expressions in wrong places. The key rule: put user input inside a normal JSON string, and only use expression syntax {{$json.someField}} to insert it — nothing else. This ensures the code snippet is passed safely and intact to Mistral.

 

Why this works

 

n8n does not try to parse or evaluate user input inside JSON. It only evaluates expressions inside {{ }}. So as long as the code snippet is a string stored in an item field (for example json.userInput), n8n will send it exactly as it is, including braces, HTML tags, or JavaScript code.

When building prompts for LLMs, the biggest danger is mixing user input with expression syntax. For example, {{ inside the user’s code snippet would accidentally trigger an expression evaluation. The solution is to keep your prompt in standard text and insert the user snippet with {{$json.userInput}}.

 

How to safely send code snippets to Mistral in n8n

 

Imagine you collected user input from a webhook, and the user sent something like:

<script>
alert("Test");
</script>

Here is the safe structure in the HTTP Request node (for Mistral's API):

{
  "model": "mistral-large-latest",
  "messages": [
    {
      "role": "user",
      "content": "Here is the user code snippet:\n```html\n{{$json.userInput}}\n```"
    }
  ]
}

Key points:

• User input is inserted only with {{$json.userInput}}.
• The snippet is wrapped in triple backticks so Mistral understands it's code.
• You do not escape HTML, JS, Python, or anything — n8n sends it raw.
• No extra expression brackets, no string concatenation inside {{ }}.

 

Where things usually break (production realities)

 

• User input contains {{ }}. Then n8n tries to evaluate it. Fix: Sanitize by replacing the braces before storing the text, or store in binary mode. But most real workflows simply reject or transform those two characters.
• Line breaks get lost. This only happens if you accidentally put your entire JSON body in the "raw" mode wrong. Fix: Use JSON mode in HTTP Request node, not raw, unless you have a reason.
• User sends JSON-like code (e.g., {"a":1}). Totally fine. JSON inside JSON works as a string. n8n does not parse it.

 

Typical safe Code node transformation

 

If you want to store user input exactly as-is (including scripts, HTML, weird symbols), a Code node like this is enough:

// This Code node takes whatever the webhook received
// and stores it in a field called userInput with NO modification

return [
  {
    json: {
      userInput: $json.body // adjust to your webhook field
    }
  }
];

Now this field is safe to pass directly into the Mistral request.

 

Final important production advice

 

• Keep your prompt in plain text, insert user input with one expression.
• Always wrap user-provided code inside triple backticks in the prompt.
• Do not try to escape the code manually — let JSON handle it.
• Watch out for {{ }} inside user code — it is the only real danger.

If you follow that pattern, n8n will reliably deliver code snippets to Mistral exactly as users typed them, with no corruption or accidental expression evaluation.