Merge pull request #1751 from owncloud/sanitizeHTML

Sanitize html

apps/files_external/templates/settings.php

@@ -18,7 +18,7 @@
 			<?php foreach ($_['mounts'] as $mountPoint => $mount): ?>
 				<tr <?php echo ($mountPoint != '') ? 'class="'.$mount['class'].'"' : 'id="addMountPoint"'; ?>>
 					<td class="mountPoint"><input type="text" name="mountPoint"
-												  value="<?php echo $mountPoint; ?>"
+												  value="<?php p($mountPoint); ?>"
 												  placeholder="<?php echo $l->t('Mount point'); ?>" /></td>
 					<?php if ($mountPoint == ''): ?>
 						<td class="backend">

settings/js/users.js

@@ -182,7 +182,7 @@ var UserList = {
 			var addGroup = function (select, group) {
 				$('select[multiple]').each(function (index, element) {
 					if ($(element).find('option[value="' + group + '"]').length === 0 && select.data('msid') !== $(element).data('msid')) {
-						$(element).append('<option value="' + group + '">' + group + '</option>');
+						$(element).append('<option value="' + escapeHTML(group) + '">' + escapeHTML(group) + '</option>');
 					}
 				})
 			};