Decode category/tag strings before grouping in report layout #85603

Merged
cead22 merged 6 commits into main from claude-fixCategoryGroupingEncoding
May 18, 2026

@MelvinBot

@MelvinBot MelvinBot commented Mar 17, 2026

Contributor

Explanation of Change

When expenses share the same category but are stored with different HTML encodings (e.g., Uber &amp; car washes vs Uber & car washes), the report view in New Expensify displays them as two separate category groups — even though they look identical. This happens because groupTransactionsByCategory in ReportLayoutUtils.ts uses the raw category string as the Map key for grouping, but displays the HTML-decoded name. Different code paths (MCC auto-categorization vs. distance default category) can produce the same category name with different HTML encoding, particularly for the & character.

The fix decodes the category string before using it as the grouping key, so that &amp; and & resolve to the same group. The same fix is applied to groupTransactionsByTag for consistency. This matches how OldDot already handles this in lib_report.js with _.unescape().

Fixed Issues

$ https://github.com/Expensify/Expensify/issues/612034

Tests

  1. Create an expense report with two expenses that share the same category name, where one has an HTML-encoded & in the category string and the other has a literal &
  2. Open the report in New Expensify with "Group by Category" enabled
  3. Verify both expenses appear in a single category group (not two separate groups)
  4. Repeat for tags with HTML-encoded characters to verify they also group correctly
  • Verify that no errors appear in the JS console

Offline tests

N/A — this change is purely about how transactions are grouped in memory for display. Offline behavior is unchanged.

QA Steps

Support login into the account and go to the report shown in the linked issue, and confirm the issue is gone

  • Verify that no errors appear in the JS console

Screenshots/Videos

Android: Native

N/A — no UI changes, logic-only fix in grouping utility

Android: mWeb Chrome

N/A — no UI changes, logic-only fix in grouping utility

iOS: Native

N/A — no UI changes, logic-only fix in grouping utility

iOS: mWeb Safari

N/A — no UI changes, logic-only fix in grouping utility

MacOS: Chrome / Safari

N/A — no UI changes, logic-only fix in grouping utility

Transactions with the same category but different HTML encoding (e.g.,
Uber &amp; car washes vs Uber & car washes) were being grouped
separately in the expense report view, despite displaying the same
group name. This happened because the raw category string was used as
the Map key for grouping, while the displayed name was HTML-decoded.

Now we decode category/tag strings before using them as grouping keys,
matching how OldDot already handles this in lib_report.js.

Related Expensify/Expensify#612034

Co-authored-by: Lydia Barclay <lydiabarclay@users.noreply.github.com>
@MelvinBot MelvinBot requested a review from a team March 17, 2026 22:03
@MelvinBot

Contributor Author

The failing build (Debug, true) check is unrelated to this PR — it's a transient infrastructure issue.

Root cause: The Grails Maven repository (repo.grails.org) returned HTTP 520 (Cloudflare server error), which prevented Gradle from resolving org.jetbrains.kotlin:kotlin-stdlib:2.1.20. This cascaded into 244+ dependency resolution failures.

Evidence: This PR only modifies TypeScript files (src/libs/ReportLayoutUtils.ts and tests/unit/ReportLayoutUtilsTest.ts) — it has no impact on Android build configuration or dependencies.

Recommendation: Re-run the failed build (Debug, true) check. The repository outage should be transient.

@lydiabarclay lydiabarclay requested review from a team and removed request for a team March 23, 2026 16:13
@lydiabarclay lydiabarclay marked this pull request as ready for review March 23, 2026 16:14
@lydiabarclay lydiabarclay requested a review from a team as a code owner March 23, 2026 16:14
@melvin-bot melvin-bot Bot requested review from abzokhattab and trjExpensify and removed request for a team March 23, 2026 16:14
@melvin-bot

melvin-bot Bot commented Mar 23, 2026


@abzokhattab Please copy/paste the Reviewer Checklist from here into a new comment on this PR and complete it. If you have the K2 extension, you can simply click: [this button]

Comment thread src/libs/ReportLayoutUtils.ts Outdated
for (const transaction of transactions) {
const tag = getTag(transaction);
const tagKey = isTagMissing(tag) ? '' : tag;
const tagKey = isTagMissing(tag) ? '' : Str.htmlDecode(tag);
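
Review bot: The changed `tagKey` line calls `Str.htmlDecode(tag)` exactly once, so a tag stored double-encoded (`&amp;amp;`) would decode to `&amp;` and still form its own group next to `&`; a unit test that pins down the intended behaviour for that input would document the choice. The decoded key can also contain literal `<`, `>` and `&`, so any consumer that builds a group label from this Map key should render it as plain text and not as markup.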

Contributor

❌ CONSISTENCY-3 (docs)

The category grouping uses getDecodedCategoryName(category) (a dedicated wrapper from CategoryUtils), but the tag grouping uses Str.htmlDecode(tag) directly. These perform the same operation (HTML-decoding a string before using it as a grouping key), but use inconsistent approaches. This inconsistency also introduces a new import {Str} from 'expensify-common' that would be unnecessary if a wrapper were used.

For consistency, create a getDecodedTagName helper in TagUtils.ts (mirroring getDecodedCategoryName in CategoryUtils.ts) and use it here instead of calling Str.htmlDecode directly:

// In src/libs/TagUtils.ts
function getDecodedTagName(tagName: string) {
    return Str.htmlDecode(tagName);
}
// In src/libs/ReportLayoutUtils.ts
const tagKey = isTagMissing(tag) ? '' : getDecodedTagName(tag);

This also allows the import {Str} from 'expensify-common' to be removed from ReportLayoutUtils.ts.


@abzokhattab

Contributor

Hey @lydiabarclay I have been trying to execute the steps locally but the steps are not clear enough .. is it easily reproducible without unit tests?

@trjExpensify trjExpensify left a comment

Contributor

I agree @abzokhattab, the reproduction steps aren't clear on how to get to this state.

@MelvinBot

Contributor Author

The failing build (Debug, true) check is unrelated to this PR.

Analysis: The Android Gradle build failed because the external repository repo.grails.org returned HTTP status 520 (server error) when resolving org.jetbrains.kotlin:kotlin-stdlib:2.1.20. This cascaded into 244+ dependency resolution failures. This is a transient infrastructure issue with an external Maven repository.

Evidence: This PR only modifies src/libs/ReportLayoutUtils.ts and tests/unit/ReportLayoutUtilsTest.ts — no Android, Gradle, or dependency changes. Re-running the build should resolve this.

The other failing check (checklist) is a PR reviewer checklist and is not a code issue.

@lydiabarclay

Contributor

Hey @MelvinBot can you provide some more clear reproduction steps on how to reproduce this:

Different code paths (MCC auto-categorization vs. distance default category) can produce the same category name with different HTML encoding, particularly for the & character.

@MelvinBot

Contributor Author

The encoding discrepancy comes from how the backend stores the category field on transactions through different code paths, while the frontend always displays the decoded name. Here's a concrete breakdown:

How the encoding mismatch happens

Policy categories are stored with HTML-encoded name fields on the backend (e.g., Auto (including Tolls &amp; Parking)). The PolicyCategory type in src/types/onyx/PolicyCategory.ts even has a separate unencodedName field, confirming name is encoded.

Two code paths write transaction.category differently:

  1. MCC auto-categorization (server-side): When a card transaction comes in, the backend maps the MCC code to a policy category and writes the HTML-encoded name (with &amp;) directly onto the transaction. The source on the transaction action is mccMapping.

  2. Distance default category / certain server flows: When creating a distance expense, the client reads customUnit.defaultCategory from the policy and stores it via setMoneyRequestCategory() (src/pages/iou/request/step/IOURequestStepDestination.tsx:134). Depending on the backend flow that originally set this value, it may contain a literal & instead of &amp;.

Both display identically in the UI (the display layer always HTML-decodes), but the raw strings differ — so the grouping function treated them as different categories.

Concrete QA reproduction steps

Setup:

  1. Use a workspace (Collect or Control) with categories enabled
  2. Ensure at least one category name contains & (e.g., "Auto - 6340 (including Tolls, Parking, Uber & car washes)" — the exact category from the linked issue)
  3. In Workspace > Categories > Settings, map an MCC group (e.g., "Taxi" or "Gas") to that &-containing category

Create the two differently-encoded expenses:

  1. Expense A (encoded path): Use an Expensify card or company card to make a purchase that triggers MCC auto-categorization into the &-containing category. The backend will store the category as ...Uber &amp; car washes...
  2. Expense B (decoded path): On the same report, create a distance expense where the workspace's distance rate default category is set to the same &-containing category. Or, manually categorize an expense to that category through Expensify Classic (OldDot), which uses _.unescape() and may store the literal &

Observe the bug:

  1. Open the report in New Expensify
  2. Enable "Group by Category" view
  3. Before fix: Two visually identical category groups appear with separate totals
  4. After fix: One merged group with the combined total

Simplest way to verify

If controlling MCC categorization is difficult, the linked issue references a real report (ID R00BLUXzV3ZK, workspace "Matzinger-Keegan, Inc") that exhibits the bug. The unit test in this PR also directly demonstrates the scenario — two transactions with category: 'Auto (including Tolls &amp; Parking)' and category: 'Auto (including Tolls & Parking)' should group into one entry after the fix.

@lydiabarclay

Contributor

@trjExpensify do those Melv-generated QA steps check out?

@trjExpensify

Contributor

@MelvinBot can't seem to reproduce following your steps.

  1. Created a workspace
  2. Added that category from the customer to the workspace
  3. Set MCC's to map to that one category
  4. Set the distance default category to that same category
  5. Imported card transactions that auto-mapped to that same category
  6. Created a distance expense
  7. No "identical" split of groupings.
2026-04-02_01-46-19.mp4

For good measure, I also created a distance expense on Classic and switched to NewDot to view it and still no split of the groupings:

2026-04-02_01-50-17.mp4

Account: tom+ampcode1@trj.chat
ReportID: 7660723705511760
PolicyID: 1D746338A82E6EA1
Example transactionIDs:

  • Card: 1516579766523984747
  • Distance: 1607923789263412695

@MelvinBot

Contributor Author

Thanks for the thorough testing, trjExpensify. I investigated why you couldn't reproduce, and the answer comes down to where the encoding mismatch originates — it's a backend data issue, not something easily triggered from fresh client-side setup.

Why reproduction is difficult

After tracing the code paths, I found that on the client side, both MCC group category and distance default category are set from the same source: the HTML-encoded PolicyCategory.name via category.searchText (see CategoryOptionListUtils.ts:46). So when you configure MCC mapping and distance default category through the NewDot UI, both end up sending the same encoded string to the backend.

The encoding mismatch in the original customer's data (Matzinger-Keegan, Inc) most likely arose from one of these scenarios:

  1. Backend auto-categorization: When the backend auto-categorizes a card transaction based on MCC (PHP server-side), it reads the mccGroup.category from the policy and writes it to transaction.category. This may preserve or strip HTML encoding differently than how customUnit.defaultCategory is returned to the client.
  2. Classic (OldDot) origin: Categories set through OldDot go through _.unescape() (see lib_report.js:288) which decodes HTML entities before storing. Distance expenses created in Classic and viewed in NewDot could have differently-encoded category values.
  3. Legacy data: The customer's workspace may have accumulated transactions over time where different backend code paths wrote the category field with different encoding.

Since the backend PHP code (Web-Expensify) isn't available in this workspace, I can't pinpoint the exact server-side code path that produces the mismatch. But the existence of PolicyCategory.unencodedName as a separate field alongside the HTML-encoded name field confirms the backend works with dual encoding, and category values flowing through different backend paths can end up with different encoding.

The fix is still correct

The fix is defensive normalization — it decodes category strings before using them as grouping keys, which is exactly what OldDot already does with _.unescape(). This is the right approach regardless of how reproducible the mismatch is from the UI, because:

  • The original customer report (R00BLUXzV3ZK) exhibits the bug in production
  • The unit test demonstrates the fix works for the specific data pattern (&amp; vs &)
  • The grouping code should be resilient to encoding differences in stored data

Suggested verification approach

Instead of trying to create the mismatch from scratch, you could verify the fix against the original customer's data:

  1. Look at report R00BLUXzV3ZK on workspace Matzinger-Keegan, Inc (policyID 4FF441A85BDF18E7)
  2. Compare the raw category field values between the card transactions ($49.16 group) and distance expenses ($138.60 group)
  3. One group should have &amp; and the other should have & in the category string

Alternatively, you could verify by directly inspecting the Onyx data in your test account's browser console to see if both transaction categories have identical encoding — if they do, that confirms the mismatch doesn't occur through the current client-side paths, but the fix still protects against backend-originated mismatches.

@trjExpensify

Contributor

@MelvinBot I can see in the customer account that two different expenses have a variance of the expense.category value stored in the transaction data.

category: "Auto - 6340 (including Tolls, Parking, Uber & car washes)" (Card)
TransactionID: 8959526648981822191

category: "Auto - 6340 (including Tolls, Parking, Uber &amp; car washes)" (Distance).
TransactionID: 3087640733258047671

So I think we need to try and isolate where and why the &amp category value is being stored like that for that distance expense. The MCC code path seems like a bit of a red herring and I was unable to reproduce and from reviewing their expenses categorised to "Auto - 6340 (including Tolls, Parking, Uber & car washes)" only the distance expenses are the ones with the &amp stored.

2026-04-02_02-05-06.mp4

@trjExpensify

Contributor

@abzokhattab I tried, but that's all I've got for now... it's not ideal to make changes we can't reproduce the root cause of how the situation is created in the first place. If you have any other bright ideas? 🤷

@MelvinBot

Contributor Author

Great find, trjExpensify. You're right — the MCC path was a red herring. I traced the exact code path and the &amp; on distance expenses comes from the client, not the backend.

Root Cause: The client writes HTML-encoded category names to transactions

PolicyCategory.name is always HTML-encoded by the backend (e.g., Uber &amp; car washes). The category picker uses this encoded value as searchText, and it flows through to transaction.category without ever being decoded:

The chain:

  1. Category picker (CategoryOptionListUtils.ts:42-47): searchText = option.name (HTML-encoded). The text (display) is decoded via getDecodedCategoryName(), but searchText stays encoded.
  2. Admin sets default distance category (PolicyDistanceRatesSettingsPage.tsx:67): passes category.searchText (encoded) to setPolicyCustomUnitDefaultCategory.
  3. setPolicyCustomUnitDefaultCategory (Policy/Category.ts:1463): writes defaultCategory: category (encoded) to Onyx. The successData does NOT replace this value — the encoded string persists.
  4. Distance expense created (IOURequestStepConfirmation.tsx:441-449): reads policyDistance.defaultCategory (encoded) → calls setMoneyRequestCategory(transactionID, defaultCategory).
  5. setMoneyRequestCategory (IOU/index.ts:1510): writes {category} directly to the transaction draft — no decoding.

Card transactions don't have this problem because the backend sets their categories server-side (via MCC auto-categorization), presumably using the decoded value.

This is NOT distance-specific

Manual category selection (IOURequestStepCategory.tsx:127) also uses category.searchText (encoded). So any client-side category assignment on any expense type would store the HTML-encoded value. Distance expenses are just the most visible case because the default category is auto-applied.

The PR fix is correct but partial

The getDecodedCategoryName() normalization in groupTransactionsByCategory correctly prevents the visual duplication in the report view. However, the underlying data issue remains — client-created expenses will continue to store &amp; in the category field. A more complete fix would be to decode the category name before writing it to the transaction, for example in setMoneyRequestCategory or by using PolicyCategory.unencodedName (which exists in the type definition but is never referenced anywhere in the App codebase).

That said, the grouping fix in this PR is still valuable as a defensive measure and directly addresses the customer's symptom. Whether to also fix the write-side encoding is a separate decision.
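
The read-side normalization discussed in this thread, as an added example that is not code from the PR or the Expensify repository: it groups on the raw and on the decoded key, and lists category names that are stored in more than one encoding. `htmlDecodeOnce` is a hypothetical stand-in for `Str.htmlDecode`, the other function names are illustrative, and the transactions are constructed sample data.

```typescript
// Added example: stand-alone sketch, not code from the Expensify repository.
type Transaction = {transactionID: string; category: string; amountInCents: number};

const NAMED_ENTITIES: Record<string, string> = {amp: '&', lt: '<', gt: '>', quot: '"', apos: "'"};

// Hypothetical stand-in for Str.htmlDecode: one left-to-right pass that never
// re-scans its own output, so '&amp;amp;' becomes '&amp;' and not '&'.
function htmlDecodeOnce(value: string): string {
    return value.replace(/&(#[xX][0-9a-fA-F]+|#[0-9]+|[a-zA-Z]+);/g, (match: string, body: string): string => {
        if (body.charAt(0) !== '#') {
            // Own-property check so names such as 'constructor' are not resolved via the prototype.
            return Object.prototype.hasOwnProperty.call(NAMED_ENTITIES, body) ? NAMED_ENTITIES[body] : match;
        }
        const isHex = body.charAt(1) === 'x' || body.charAt(1) === 'X';
        const codePoint = parseInt(body.slice(isHex ? 2 : 1), isHex ? 16 : 10);
        // Out-of-range references are left untouched instead of throwing.
        return codePoint > 0 && codePoint <= 0x10ffff ? String.fromCodePoint(codePoint) : match;
    });
}

// Generic grouping; keyOf decides which form of the category string is the Map key.
function groupTransactions(transactions: Transaction[], keyOf: (category: string) => string): Map<string, Transaction[]> {
    const groups = new Map<string, Transaction[]>();
    for (const transaction of transactions) {
        const key = keyOf(transaction.category);
        const group = groups.get(key);
        if (group) {
            group.push(transaction);
        } else {
            groups.set(key, [transaction]);
        }
    }
    return groups;
}

// Behaviour described as the bug: the stored string is the key, so '&' and '&amp;' split.
function groupByRawCategory(transactions: Transaction[]): Map<string, Transaction[]> {
    return groupTransactions(transactions, (category) => category);
}

// Behaviour described as the fix: the key is the same decoded form that is displayed.
function groupByDecodedCategory(transactions: Transaction[]): Map<string, Transaction[]> {
    return groupTransactions(transactions, htmlDecodeOnce);
}

function groupTotal(group: Transaction[]): number {
    return group.reduce((sum, transaction) => sum + transaction.amountInCents, 0);
}

// Data audit: decoded name -> distinct raw spellings, only for names stored in more
// than one encoding. Shows how much stored data the write side has left inconsistent.
function findEncodingVariants(transactions: Transaction[]): Map<string, string[]> {
    const spellings = new Map<string, string[]>();
    for (const transaction of transactions) {
        const decoded = htmlDecodeOnce(transaction.category);
        const seen = spellings.get(decoded) ?? [];
        if (seen.indexOf(transaction.category) === -1) {
            seen.push(transaction.category);
        }
        spellings.set(decoded, seen);
    }
    const variants = new Map<string, string[]>();
    spellings.forEach((raw, decoded) => {
        if (raw.length > 1) {
            variants.set(decoded, raw);
        }
    });
    return variants;
}

// Constructed sample data: IDs and amounts are made up for this example.
const CATEGORY = 'Auto - 6340 (including Tolls, Parking, Uber & car washes)';
const SAMPLE: Transaction[] = [
    {transactionID: 'card-1', category: CATEGORY, amountInCents: 4916},
    {transactionID: 'distance-1', category: CATEGORY.replace('&', '&amp;'), amountInCents: 13860},
    {transactionID: 'meal-1', category: 'Meals', amountInCents: 2500},
];

console.log('raw groups:', groupByRawCategory(SAMPLE).size, 'decoded groups:', groupByDecodedCategory(SAMPLE).size);
```

The audit function is the part that stays useful after the read-side fix ships: a non-empty result means some writer is still storing the encoded form.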

@abzokhattab

Contributor

Didn't have time to look into it .. I am working on this today

@abzokhattab abzokhattab left a comment

Contributor

Screenshots/Videos

Android: HybridApp
Android: mWeb Chrome
iOS: HybridApp
iOS: mWeb Safari

MacOS: Chrome / Safari

sqlite> select transactionid, category, tag from transactions where transactionID in (7273776609767507467, 642949550980543372);
   transactionID       category          tag
-------------------  -------------  -------------
 642949550980543372  One & Two      uno &amp; dos
7273776609767507467  One &amp; Two  uno & dos

After:

Screen.Recording.2026-05-18.at.01.06.44.mov

@MelvinBot

Contributor Author

The failing build (Debug, true) check is unrelated to this PR — it's a transient Gradle dependency resolution failure.

Root cause: The external Maven repository repo.grails.org returned HTTP 520, which caused Gradle to fail resolving org.jetbrains.kotlin:kotlin-stdlib:2.1.20 and 244+ other dependencies.

Evidence: The error Could not HEAD 'https://repo.grails.org/grails/core/org/jetbrains/kotlin/kotlin-stdlib/2.1.20/kotlin-stdlib-2.1.20.pom'. Received status code 520 from server: <none> is a server-side issue on repo.grails.org, not a code issue. This PR only modifies ReportLayoutUtils.ts — no Android/Gradle build files were changed.

The other failing check (checklist) is the PR Author Checklist, which is unrelated.

Recommendation: Re-run the failed build (Debug, true) job. All other checks pass.

@abzokhattab

Contributor

can you please check this comment @cead22 @lydiabarclay #85603 (comment)

@cead22

cead22 commented May 13, 2026

Contributor

@MelvinBot can you adapt the changes requested here #85603 (comment)

Addresses review feedback on PR #85603:

- cead22: tag column showed raw HTML-encoded value (e.g. `uno &amp; dos`)
  while the group-by-tag dropdown decoded it. TagCell now decodes the
  display value, mirroring how CategoryCell already handles categories.

- github-actions CONSISTENCY-3: extract `getDecodedTagName` into TagUtils
  (mirroring `getDecodedCategoryName` in CategoryUtils) and use it from
  ReportLayoutUtils instead of importing `Str` directly. Keeps the tag /
  category decoding pattern symmetric across the codebase.

Adds unit tests for `getDecodedTagName`.
@MelvinBot

Contributor Author

Cherry-picked abzokhattab's commit (de6d9bf) onto this branch. Changes:

  • TagCell: decodes HTML entities in the tag display value (e.g. uno &amp; dos → uno & dos), matching how CategoryCell already handles categories
  • ReportLayoutUtils: uses getDecodedTagName from TagUtils instead of importing Str directly (CONSISTENCY-3 feedback)
  • TagUtils: adds getDecodedTagName helper mirroring getDecodedCategoryName in CategoryUtils
  • Tests: adds unit tests for getDecodedTagName

All unit tests and typecheck pass.

@MelvinBot

Contributor Author

The failing perf-tests check is unrelated to this PR's changes.

Failure: [ReportActionCompose] should press create button — render count difference exceeded the allowed deviation of 0 (current difference: 3).

Evidence: This PR only modifies TagCell.tsx, ReportLayoutUtils.ts, TagUtils.ts, and their test files. The failing perf test is for ReportActionCompose, which is not touched by this PR. This is a pre-existing/flaky perf regression on main.

@abzokhattab

abzokhattab commented May 17, 2026

Contributor

@MelvinBot the grouping + tag column fix is solid, but while testing this branch I found the same encoding leaks into other tag display surfaces that this PR doesn't cover — most visibly the tag picker itself, which still renders uno &amp; dos raw.

Repro on this branch: in a report with a tag stored as uno &amp; dos, open the inline tag picker on a row. The picker option text shows the raw encoded string. Same thing on:

  • Workspace tag list (WorkspaceViewTagsPage, WorkspaceTagsPage, TagSettingsPage)
  • Edit Tag screen defaultValue (EditTagPage, WorkspaceEditTagsPage)
  • Search filters and autocomplete (TagSelector, SearchFiltersTagPage, useAutocompleteSuggestions)
  • Advanced search filter pills (AdvancedSearchFilters, SearchQueryUtils)
  • Group-by-Tag header (MoneyRequestReportGroupHeader)
  • Modified-expense / policy-change-log messages (ModifiedExpenseMessage, PolicyChangeLogContent)
  • Sidebar previews (SidebarUtils, ReportNameUtils)
  • Transaction preview / split list / context-menu copy

All of these go through PolicyUtils.getCleanedTagName (or getCommaSeparatedTagNameWithSanitizedColons which calls it). That utility only handles colon-escaping today and never HTML-decodes — the asymmetric twin of CategoryUtils.getDecodedCategoryName, which the category-side picker chain already uses.

Proposed change

Fold the decode into getCleanedTagName itself so every consumer gets it for free, mirroring how categories handle it:

// src/libs/PolicyUtils.ts

/**
 * Cleans up escaping of colons (used to create multi-level tags, e.g. "Parent: Child")
 * and HTML-decodes the result so tags stored with encoded entities (e.g. `R&amp;D`) render as `R&D`.
 * Mirrors how `getDecodedCategoryName` normalizes category display in CategoryUtils.
 */
function getCleanedTagName(tag: string) {
    return Str.htmlDecode(tag?.replaceAll('\\:', CONST.COLON) ?? '');
}

Str is already imported at the top of PolicyUtils.ts, so no new imports.

Why it's safe

Every callsite I audited follows the text: getCleanedTagName(tag), value: tag pattern — the raw value: is what flows back into Onyx lookups / API calls, and only the display string is decoded. Three callsites that go beyond display are also fine:

  • EditTagPage.tsx:37 — both the form defaultValue and the "did the user change anything?" comparison use the decoded form, comparison still works; the renamePolicyTag call uses raw route.params.tagName for oldName so the backend lookup is unaffected.
  • WorkspaceEditTagsPage.tsx:104 - defaultValue only.
  • SearchQueryUtils.ts:1458 — filter-pill display formatter.
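
The decoded grouping key and the `text: decoded, value: raw` pattern discussed in this thread, as an added example that is not part of the PR or the Expensify code base. `htmlDecodeOnce` (a stand-in for `Str.htmlDecode`), `groupByDecoded` and `toTagOption` are hypothetical names, and the rows are constructed from the sqlite output quoted earlier in the thread.

```typescript
// Constructed rows modelled on the sqlite output quoted in this thread.
// IDs are kept as strings: they exceed Number.MAX_SAFE_INTEGER.
type Transaction = {transactionID: string; category: string; tag: string};
type Group = {displayName: string; rawValues: string[]; transactionIDs: string[]};

const SAMPLE: Transaction[] = [
    {transactionID: '642949550980543372', category: 'One & Two', tag: 'uno &amp; dos'},
    {transactionID: '7273776609767507467', category: 'One &amp; Two', tag: 'uno & dos'},
];

const NAMED = new Map<string, string>([['amp', '&'], ['lt', '<'], ['gt', '>'], ['quot', '"'], ['apos', "'"]]);

// Hypothetical stand-in for Str.htmlDecode: one decoding pass over a small entity set.
function htmlDecodeOnce(value: string): string {
    return value.replace(/&(#x[0-9a-fA-F]+|#[0-9]+|[a-zA-Z]+);/g, (match: string, body: string) => {
        if (body.charAt(0) !== '#') {
            return NAMED.get(body) ?? match; // unknown names are left untouched
        }
        const isHex = body.charAt(1) === 'x';
        const code = parseInt(body.slice(isHex ? 2 : 1), isHex ? 16 : 10);
        return code > 0 && code <= 0x10ffff ? String.fromCodePoint(code) : match;
    });
}

// Group on the decoded key, but keep every raw stored value for lookups and API calls.
function groupByDecoded(transactions: Transaction[], field: 'category' | 'tag'): Group[] {
    const groups = new Map<string, Group>();
    transactions.forEach((transaction) => {
        const raw = transaction[field];
        const key = htmlDecodeOnce(raw);
        let group = groups.get(key);
        if (!group) {
            group = {displayName: key, rawValues: [], transactionIDs: []};
            groups.set(key, group);
        }
        if (group.rawValues.indexOf(raw) === -1) {
            group.rawValues.push(raw);
        }
        group.transactionIDs.push(transaction.transactionID);
    });
    return Array.from(groups.values());
}

// The `text: cleaned, value: raw` pattern: un-escape colons and decode for display only.
function toTagOption(rawTag: string): {text: string; value: string} {
    return {text: htmlDecodeOnce(rawTag.replace(/\\:/g, ':')), value: rawTag};
}
```

The decoded `text` is plain text that can contain `<` or `>` after decoding, so it belongs in a text node and never in markup. Because the stand-in decodes a single pass, a double-encoded value such as `R&amp;amp;D` comes out as `R&amp;D` rather than `R&D`.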

Add Str.htmlDecode to getCleanedTagName so all tag display surfaces
(picker, workspace list, edit screens, search filters, group headers,
modified-expense messages, sidebar previews) render decoded entities
like R&D instead of raw R&amp;D. Mirrors how getDecodedCategoryName
handles categories in CategoryUtils.

Co-authored-by: Abdelrahman Khattab <abzokhattab@users.noreply.github.com>
@abzokhattab

Contributor

@cead22

I verified the change by hardcoding the onyx values in chrome console and verified that it is now fixed ... the video after the change is attached to the checklist here

@cead22

cead22 commented May 18, 2026

Contributor

@abzokhattab conflicts

@abzokhattab

Contributor

@MelvinBot resolve the conflicts

Resolve conflict in TagCell.tsx by keeping main's EditableCell/TagPickerModal
restructuring while preserving the PR's getDecodedTagName decode wrapper.

Co-authored-by: Abdelrahman Khattab <abzokhattab@users.noreply.github.com>
@MelvinBot

Contributor Author

Conflicts resolved — merged `main` into this branch.

The only conflict was in src/components/TransactionItemRow/DataCells/TagCell.tsx: main added EditableCell/TagPickerModal support while this PR wrapped the tag display with getDecodedTagName. The resolution keeps both changes — main's structural refactor plus this PR's HTML-decode wrapper.

@cead22 cead22 left a comment

Contributor

Let's clean up these AI generated comments

};

const tagForDisplay = getTagForDisplay(transactionItem);
// Decode HTML entities so tags stored with encoding (e.g. `uno &amp; dos`) display as `uno & dos`,

Contributor

Suggested change
// Decode HTML entities so tags stored with encoding (e.g. `uno &amp; dos`) display as `uno & dos`,
// Decode HTML entities so tags stored with encoding are displayed properly (e.g. `uno &amp; dos` display as `uno & dos`)

Contributor Author

Done — simplified the comment in bc02597.

Comment thread src/libs/PolicyUtils.ts Outdated
Comment on lines +857 to +858
* Cleans up escaping of colons (used to create multi-level tags, e.g. "Parent: Child") in the tag name we receive from the backend,
* and HTML-decodes the result so tags stored with encoded entities (e.g. `R&amp;D`) render as `R&D`.

Contributor

Suggested change
* Cleans up escaping of colons (used to create multi-level tags, e.g. "Parent: Child") in the tag name we receive from the backend,
* and HTML-decodes the result so tags stored with encoded entities (e.g. `R&amp;D`) render as `R&D`.
* Cleans up escaping of colons used to create multi-level tags (e.g. "Parent: Child"),
* and HTML-decodes the result so tags stored with encoded entities display correctly (e.g. `R&amp;D`, renders as `R&D`)

Contributor Author

Done — cleaned up the JSDoc in bc02597.

Comment thread src/libs/TagUtils.ts Outdated
Comment on lines +24 to +25
* HTML-decodes a tag name so values stored with different encodings (e.g. `R&amp;D` vs `R&D`)
* resolve to the same string. Mirrors getDecodedCategoryName in CategoryUtils.

Contributor

Suggested change
* HTML-decodes a tag name so values stored with different encodings (e.g. `R&amp;D` vs `R&D`)
* resolve to the same string. Mirrors getDecodedCategoryName in CategoryUtils.
* HTML-decodes a tag name so values stored with different encodings are displayed correctly (e.g. `R&amp;D` vs `R&D`)
* Mirrors getDecodedCategoryName in CategoryUtils.

Contributor Author

Done — cleaned up the JSDoc in bc02597.

@abzokhattab

Contributor

@MelvinBot make the requested changes

Simplify comment wording in TagCell.tsx, PolicyUtils.ts, and TagUtils.ts
to be more concise and less verbose.

Co-authored-by: Abdelrahman Khattab <abzokhattab@users.noreply.github.com>
@abzokhattab

Contributor

done @cead22

@cead22 cead22 merged commit 7acf8b2 into main May 18, 2026
47 checks passed
@cead22 cead22 deleted the claude-fixCategoryGroupingEncoding branch May 18, 2026 15:28
@melvin-bot melvin-bot Bot added the Emergency label May 18, 2026
@melvin-bot

melvin-bot Bot commented May 18, 2026


@cead22 looks like this was merged without a test passing. Please add a note explaining why this was done and remove the Emergency label if this is not an emergency.

@github-actions

Contributor

🚧 @cead22 has triggered a test Expensify/App build. You can view the workflow run here.

@OSBotify

Contributor

✋ This PR was not deployed to staging yet because QA is ongoing. It will be automatically deployed to staging after the next production release.

@OSBotify

Contributor

🚀 Deployed to staging by https://github.com/cead22 in version: 9.3.76-0 🚀

platform result
🕸 web 🕸 success ✅
🤖 android 🤖 cancelled 🔪
🍎 iOS 🍎 cancelled 🔪

@MelvinBot

Contributor Author

No help site changes are required for this PR.

This is a bug fix that corrects how transactions with HTML-encoded category/tag names (e.g., Uber &amp; car washes vs Uber & car washes) are grouped in the report view. The changes are limited to internal grouping logic in ReportLayoutUtils.ts, TagUtils.ts, PolicyUtils.ts, and display decoding in TagCell.tsx. There are no new features, settings, workflows, or user-facing behavioral changes that would need to be documented on the help site.

@OSBotify

Contributor

🚀 Deployed to production by https://github.com/roryabraham in version: 9.3.77-3 🚀

platform result
🕸 web 🕸 success ✅
🤖 android 🤖 success ✅
🍎 iOS 🍎 success ✅

Labels

Emergency InternalQA This pull request required internal QA

6 participants