Diffstat (limited to 'server/sonar-web/src/main/js/apps/users/groups-view.js')
-rw-r--r--server/sonar-web/src/main/js/apps/users/groups-view.js8
1 files changed, 6 insertions, 2 deletions
diff --git a/server/sonar-web/src/main/js/apps/users/groups-view.js b/server/sonar-web/src/main/js/apps/users/groups-view.js
index f3afe2de43f..d1ea9ba765c 100644
--- a/server/sonar-web/src/main/js/apps/users/groups-view.js
+++ b/server/sonar-web/src/main/js/apps/users/groups-view.js
@@ -17,6 +17,7 @@
* along with this program; if not, write to the Free Software Foundation,
* Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
+import escapeHtml from 'escape-html';
import Modal from '../../components/common/modals';
import '../../components/SelectList';
import Template from './templates/users-groups.hbs';
@@ -31,8 +32,11 @@ export default Modal.extend({
width: '100%',
readOnly: false,
focusSearch: false,
- format(item) {
- return `${item.name}<br><span class="note">${item.description}</span>`;
+ dangerouslyUnescapedHtmlFormat(item) {
+ return (
+ `${escapeHtml(item.name)}<br>` +
+ `<span class="note">${escapeHtml(item.description)}</span>`
+ );
},
queryParam: 'q',
searchUrl: window.baseUrl + '/api/users/groups?ps=100&login=' + this.model.id,
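Review bot: In `dangerouslyUnescapedHtmlFormat`, `escapeHtml(item.description)` turns a missing description into the literal text `undefined`, because escape-html stringifies its argument before escaping. If the groups API can omit `description` (not visible in this hunk), the note span would display that word, so consider `escapeHtml(item.description || '')`. The new option name implies that the list component inserts the returned string as raw HTML. A short comment above the function, such as `// Return value is inserted as HTML: escape every interpolated field`, would help keep later edits from reintroducing unescaped values. The options object that holds this function starts and ends outside the hunk, so whether the component actually reads the renamed option cannot be confirmed from here.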