Fix double-escaped apostrophe in dashboard user menu

simonhamp · claude · simonhamp · commit 5d08f8026d17 · 2026-03-23T20:53:44.000Z
Use dynamic :name binding instead of {{ }} interpolation on Flux
profile components to prevent HTML entities being escaped twice.

Co-Authored-By: Claude Opus 4.6 &lt;noreply@anthropic.com&gt;
diff --git a/resources/views/components/layouts/dashboard.blade.php b/resources/views/components/layouts/dashboard.blade.php
@@ -155,7 +155,7 @@ class="min-h-screen bg-white font-poppins antialiased dark:bg-zinc-900 dark:text
             </flux:sidebar.nav>
 
             <flux:dropdown position="top" align="start" class="max-lg:hidden">
-                <flux:sidebar.profile name="{{ auth()->user()->name ?? auth()->user()->email }}" />
+                <flux:sidebar.profile :name="auth()->user()->name ?? auth()->user()->email" />
 
                 <flux:menu>
                     <flux:menu.item icon="cog-6-tooth" href="{{ route('customer.settings') }}">Settings</flux:menu.item>
@@ -184,7 +184,7 @@ class="min-h-screen bg-white font-poppins antialiased dark:bg-zinc-900 dark:text
             </a>
 
             <flux:dropdown position="top" align="start">
-                <flux:profile name="{{ auth()->user()->name ?? auth()->user()->email }}" />
+                <flux:profile :name="auth()->user()->name ?? auth()->user()->email" />
 
                 <flux:menu>
                     <flux:menu.item icon="cog-6-tooth" href="{{ route('customer.settings') }}">Settings</flux:menu.item>
diff --git a/tests/Feature/DashboardLayoutTest.php b/tests/Feature/DashboardLayoutTest.php
@@ -0,0 +1,25 @@
+<?php
+
+namespace Tests\Feature;
+
+use App\Models\User;
+use Illuminate\Foundation\Testing\RefreshDatabase;
+use Tests\TestCase;
+
+class DashboardLayoutTest extends TestCase
+{
+    use RefreshDatabase;
+
+    public function test_user_name_with_apostrophe_is_not_double_escaped_in_dashboard(): void
+    {
+        $user = User::factory()->create([
+            'name' => "Timmy D'Hooghe",
+        ]);
+
+        $response = $this->withoutVite()->actingAs($user)->get('/dashboard');
+
+        $response->assertStatus(200);
+        $response->assertDontSee('D&#039;Hooghe', false);
+        $response->assertSee("Timmy D'Hooghe", false);
+    }
+}
