diff --git a/settings/ajax/togglegroups.php b/settings/ajax/togglegroups.php
index de941f991320f7fffb5b101ab910f339e2fbe996..b7746fed8f19200b02bf82505612229e6740b5ad 100644
--- a/settings/ajax/togglegroups.php
+++ b/settings/ajax/togglegroups.php
@@ -5,7 +5,7 @@ OCP\JSON::callCheck();
 
 $success = true;
 $username = $_POST["username"];
-$group = OC_Util::sanitizeHTML($_POST["group"]);
+$group = $_POST["group"];
 
 if(!OC_Group::inGroup(OC_User::getUser(), 'admin') && (!OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username) || !OC_SubAdmin::isGroupAccessible(OC_User::getUser(), $group))) {
 	$l = OC_L10N::get('core');
diff --git a/settings/ajax/togglesubadmins.php b/settings/ajax/togglesubadmins.php
index 7aaa90aad5fbd1ae159d6062c85e6266bdb2f570..a99e805f69dff88ec3d1cd04636d409584975fbc 100644
--- a/settings/ajax/togglesubadmins.php
+++ b/settings/ajax/togglesubadmins.php
@@ -4,7 +4,7 @@ OC_JSON::checkAdminUser();
 OCP\JSON::callCheck();
 
 $username = $_POST["username"];
-$group = OC_Util::sanitizeHTML($_POST["group"]);
+$group = $_POST["group"];
 
 // Toggle group
 if(OC_SubAdmin::isSubAdminofGroup($username, $group)) {