backport

https://github.com/owncloud/core/pull/1751

2 files changed, 2 insertions, 2 deletions

diff --git a/apps/files_external/templates/settings.php b/apps/files_external/templates/settings.php
index 82399b0f1e2..b8d7f55ea81 100644
--- a/apps/files_external/templates/settings.php
+++ b/apps/files_external/templates/settings.php
@@ -17,7 +17,7 @@
 			<?php $_['mounts'] = array_merge($_['mounts'], array('' => array())); ?>
 			<?php foreach ($_['mounts'] as $mountPoint => $mount): ?>
 				<tr <?php echo ($mountPoint != '') ? 'class="'.$mount['class'].'"' : 'id="addMountPoint"'; ?>>
-					<td class="mountPoint"><input type="text" name="mountPoint" value="<?php echo $mountPoint; ?>" placeholder="<?php echo $l->t('Mount point'); ?>" /></td>
+					<td class="mountPoint"><input type="text" name="mountPoint" value="<?php echo p($mountPoint); ?>" placeholder="<?php echo $l->t('Mount point'); ?>" /></td>
 					<?php if ($mountPoint == ''): ?>
 						<td class="backend">
 							<select id="selectBackend" data-configurations='<?php echo json_encode($_['backends']); ?>'>
diff --git a/settings/js/users.js b/settings/js/users.js
index 473b8dba086..9f998ae6298 100644
--- a/settings/js/users.js
+++ b/settings/js/users.js
@@ -181,7 +181,7 @@ var UserList={
 			var addGroup = function(group) {
 				$('select[multiple]').each(function(index, element) {
 					if ($(element).find('option[value="'+group +'"]').length == 0) {
-						$(element).append('<option value="'+group+'">'+group+'</option>');
+						$(element).append('<option value="' + escapeHTML(group) + '">' + escapeHTML(group) + '</option>');
 					}
 				})
 			};