framework icon indicating copy to clipboard operation
framework copied to clipboard
Published 1 month ago verified publisher icon laravel

Apostrophe not being escaped in markdown mail templates

Open seb-jones opened this issue 9 months ago • 0 comments

Laravel Version

12

PHP Version

8.4

Database Driver & Version

N/A

Description

Hi,

We are finding that variables echoed into Markdown Mailables are not having the Apostrophe character escaped. This has created some confusion in tests because assertSeeInHtml does escape the Apostrophe character.

Is this expected behaviour?

Steps To Reproduce

  1. Create a new Laravel 12 installation.

  2. Create a Markdown Mailable, e.g:

php artisan make:mail EscapeTest --markdown=mail.escape-test
  1. In the markdown file, echo some characters that you would expect to be escaped, including the Apostrophe:
<x-mail::message>

{{ "<script ' &" }}

</x-mail::message>
  1. Return the mailable from the / web route for testing:
Route::get('/', function () {
    return new \App\Mail\EscapeTest;
});
  1. Navigate to the website in the browser and observe in Dev Tools that the Apostrophe character is not escaped, while the other characters are:

Image

seb-jones avatar Feb 27 '25 16:02 seb-jones