diff --git a/settings/ajax/togglegroups.php b/settings/ajax/togglegroups.php
index 3ee3239dd89ddcc42adb97712d0250dd5f3b2a2a..f76e22f51d2b5001845cfa7b38e6b3fd6111aa65 100644
--- a/settings/ajax/togglegroups.php
+++ b/settings/ajax/togglegroups.php
@@ -10,7 +10,7 @@ $error = "add user to";
 $action = "add";
 
 $username = $_POST["username"];
-$group = $_POST["group"];
+$group = htmlentities($_POST["group"]);
 
 if(!OC_Group::groupExists($group)){
 	OC_Group::createGroup($group);
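Review bot: The added `htmlentities($_POST["group"])` rewrites the group name before `OC_Group::groupExists()` and `OC_Group::createGroup()` use it, so the encoding ends up in the stored identifier rather than only in the rendered page. A name containing `&`, `<`, `"` or an accented letter will no longer match a group stored under its raw name, and the `createGroup()` branch will then create a second group under the entity-encoded form. Any template that escapes on output will also double-encode it. Keep `$group = $_POST["group"];` for the lookup and apply `htmlspecialchars($group, ENT_QUOTES, 'UTF-8')` where the name is written into the response, which is outside this hunk. `$username` on the line above is still read raw, so if it reaches the same output it presumably needs the same output-side escaping.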