Hello, @joho68
Allow me to get more context on the question here. I tried to reproduce this on my end as well but my username was not highlighted when the payload was sent via cURL. Unless me and @XxLilBoPeepsxX were testing it incorrectly, would you mind sharing more details of the application you have on your end?
Some screen shots will help us to visualize the problem better too. Thanks.