Adding "html_encode("<>")" to a window name in the option field of a browse call causes it to redirect the browse call to the default control instead of opening a popup.
What's likely happening is this is breaking the parsing of the option string, but this creates an annoying issue as the option string does not have any way of escaping a ; in the string:
The option parameters should either be omitted or they should be in a text string of the following format: "window=name;file=name;display=1;
You may use commas (,), ampersands (&), or semicolons (;) as the delimiter. Any or all of the parameters may be specified and they may be included in any order.
Or rather, this entire bug report is just a snarky way of reporting that the docs do not specify that the second argument to browse is a params list, so for security reasons, we can not assume list2params and url_encode are safe for use here.
See this exchange for more info: https://github.com/tgstation/tgstation/pull/ 46580#issuecomment-532353744
md5() window names that could contain special characters. (Note: list2params and url_encode are not proper work arounds because the docs do not describe the options string as a params list or uri encoded list)