fixing more exposed XSS outlets in groups frontend

public/src/client/groups/details.js

@@ -134,7 +134,7 @@ define('forum/groups/details', ['iconSelect', 'vendor/colorpicker/colorpicker',
 	};
 
 	Details.deleteGroup = function() {
-		bootbox.confirm('Are you sure you want to delete the group: ' + ajaxify.variables.get('group_name'), function(confirm) {
+		bootbox.confirm('Are you sure you want to delete the group: ' + utils.escapeHTML(ajaxify.variables.get('group_name')), function(confirm) {
 			if (confirm) {
 				bootbox.prompt('Please enter the name of this group in order to delete it:', function(response) {
 					if (response === ajaxify.variables.get('group_name')) {
@@ -142,7 +142,7 @@ define('forum/groups/details', ['iconSelect', 'vendor/colorpicker/colorpicker',
 							groupName: ajaxify.variables.get('group_name')
 						}, function(err) {
 							if (!err) {
-								app.alertSuccess('[[groups:event.deleted, ' + ajaxify.variables.get('group_name') + ']]');
+								app.alertSuccess('[[groups:event.deleted, ' + utils.escapeHTML(ajaxify.variables.get('group_name')) + ']]');
 								ajaxify.go('groups');
 							} else {
 								app.alertError(err.message);

public/src/client/groups/list.js

@@ -21,7 +21,7 @@ define('forum/groups/list', function() {
 						name: name
 					}, function(err) {
 						if (!err) {
-							ajaxify.go('groups/' + name);
+							ajaxify.go('groups/' + encodeURIComponent(name));
 						} else {
 							app.alertError(err.message);
 						}

public/src/utils.js

@@ -248,6 +248,10 @@
 			return text.replace(/[-[\]{}()*+?.,\\^$|#\s]/g, "\\$&");
 		},
 
+		escapeHTML: function(raw) {
+			return raw.replace(/&/gm,"&amp;").replace(/</gm,"&lt;").replace(/>/gm,"&gt;");
+		},
+
 		isAndroidBrowser: function() {
 			// http://stackoverflow.com/questions/9286355/how-to-detect-only-the-native-android-browser
 			var nua = navigator.userAgent;