
Commit 5d08f80

simonhampclaude
andcommitted
Fix double-escaped apostrophe in dashboard user menu
Use dynamic :name binding instead of {{ }} interpolation on Flux profile components to prevent HTML entities being escaped twice. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
1 parent 7290646 commit 5d08f80

2 files changed

Lines changed: 27 additions & 2 deletions


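--- a/resources/views/components/layouts/dashboard.blade.php
+++ b/resources/views/components/layouts/dashboard.blade.php
@@ -155,7 +155,7 @@ class="min-h-screen bg-white font-poppins antialiased dark:bg-zinc-900 dark:text
 </flux:sidebar.nav>
 
 <flux:dropdown position="top" align="start" class="max-lg:hidden">
-<flux:sidebar.profile name="{{ auth()->user()->name ?? auth()->user()->email }}" />
+<flux:sidebar.profile :name="auth()->user()->name ?? auth()->user()->email" />
 
 <flux:menu>
 <flux:menu.item icon="cog-6-tooth" href="{{ route('customer.settings') }}">Settings</flux:menu.item>
@@ -184,7 +184,7 @@ class="min-h-screen bg-white font-poppins antialiased dark:bg-zinc-900 dark:text
 </a>
 
 <flux:dropdown position="top" align="start">
-<flux:profile name="{{ auth()->user()->name ?? auth()->user()->email }}" />
+<flux:profile :name="auth()->user()->name ?? auth()->user()->email" />
 
 <flux:menu>
 <flux:menu.item icon="cog-6-tooth" href="{{ route('customer.settings') }}">Settings</flux:menu.item>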
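Review bot: With `:name` the profile components at new lines 158 and 187 now receive the raw, user-chosen name or email, so HTML escaping of that value rests entirely on the Flux component's own template and no longer on this layout. The commit message implies the component already escapes on output, but nothing visible in this change pins that. I would add a Blade comment above each tag, `{{-- :name passes the raw value; the Flux profile component must escape it on output --}}`, so that a later swap to a custom component does not silently drop the only escape. Both hunks sit in the middle of the layout markup, which continues outside them.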
Lines changed: 25 additions & 0 deletions
@@ -0,0 +1,25 @@
1+
<?php
2+
3+
namespace Tests\Feature;
4+
5+
use App\Models\User;
6+
use Illuminate\Foundation\Testing\RefreshDatabase;
7+
use Tests\TestCase;
8+
9+
class DashboardLayoutTest extends TestCase
10+
{
11+
use RefreshDatabase;
12+
13+
public function test_user_name_with_apostrophe_is_not_double_escaped_in_dashboard(): void
14+
{
15+
$user = User::factory()->create([
16+
'name' => "Timmy D'Hooghe",
17+
]);
18+
19+
$response = $this->withoutVite()->actingAs($user)->get('/dashboard');
20+
21+
$response->assertStatus(200);
22+
$response->assertDontSee('D&#039;Hooghe', false);
23+
$response->assertSee("Timmy D'Hooghe", false);
24+
}
25+
}
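Review bot: The assertions cover only the apostrophe case and would also pass if the name were rendered with no escaping at all, because `assertSee("Timmy D'Hooghe", false)` matches the raw string. Since the layout now hands the unescaped value to the Flux component, I would add a second test whose name contains markup, e.g. `'name' => 'Timmy <b>Bold</b>'`, and assert `$response->assertDontSee('<b>Bold</b>', false);`. It may also be worth adding `$response->assertDontSee('&amp;#039;', false);`, since that is presumably the form a twice-escaped apostrophe takes and the current `D&#039;Hooghe` check does not match it.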
