diff --git a/public/src/client/groups/list.js b/public/src/client/groups/list.js
index 3fc76a4962..d4a92ac9aa 100644
--- a/public/src/client/groups/list.js
+++ b/public/src/client/groups/list.js
@@ -10,7 +10,7 @@ define('forum/groups/list', function() {
 		groupsEl.on('click', '.list-cover', function() {
 			var groupName = $(this).parents('[data-group]').attr('data-group');
 
-			ajaxify.go('groups/' + groupName);
+			ajaxify.go('groups/' + encodeURIComponent(groupName));
 		});
 
 		// Group creation
diff --git a/src/groups.js b/src/groups.js
index 696d8a690f..78e874851c 100644
--- a/src/groups.js
+++ b/src/groups.js
@@ -7,6 +7,7 @@ var async = require('async'),
 	path = require('path'),
 	nconf = require('nconf'),
 	fs = require('fs'),
+	validator = require('validator'),
 
 	user = require('./user'),
 	meta = require('./meta'),
@@ -202,6 +203,9 @@ var async = require('async'),
 				results.base['cover:position'] = '50% 50%';
 			}
 
+			results.base.name = validator.escape(results.base.name);
+			results.base.description = validator.escape(results.base.description);
+			results.base.userTitle = validator.escape(results.base.userTitle);
 			results.base.members = results.users.filter(Boolean);
 			results.base.pending = results.pending.filter(Boolean);
 			results.base.count = numUsers || results.base.members.length;