Nice catch! I just submitted a PR to fix this in core (another will follow shortly for assignment).
https://github.com/discourse/discourse/pull/8095
Special characters are escaped before being rendered, however, fancy_title
is already escaped. Escaping it again would print the HTML entity as-is, e.g. "
instead of the desired "
.