From 3b5c62f697d26d194bc869cebc6e451edfec0278 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rub=C3=A9n=20D?= <nuxsmin@syspass.org>
Date: Tue, 24 May 2022 06:56:44 +0200
Subject: [PATCH] fix: Prevent XSS on all output variables.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Rubén D <nuxsmin@syspass.org>
---
 .../views/account/account-editpass.inc        |  6 +-
 .../views/account/account-history.inc         | 29 ++++--
 .../views/account/account-link.inc            | 12 +--
 .../views/account/account-permissions.inc     | 20 ++--
 .../views/account/account-request.inc         |  4 +-
 .../material-blue/views/account/account.inc   | 16 ++--
 .../material-blue/views/account/details.inc   |  8 +-
 .../views/account/files-list.inc              |  4 +-
 .../views/account/linkedAccounts.inc          |  2 +-
 .../views/account/search-rows.inc             | 92 ++++++++++++++-----
 .../views/account/search-searchbox.inc        |  6 +-
 .../views/common/aux-customfields.inc         |  8 +-
 .../material-blue/views/config/encryption.inc |  2 +-
 .../views/config/general-auth.inc             |  4 +-
 .../material-blue/views/config/import.inc     |  4 +-
 .../material-blue/views/config/ldap.inc       | 12 +--
 .../views/config/wiki-dokuwiki.inc            |  2 +-
 .../views/itemshow/account_bulkedit.inc       | 18 ++--
 .../views/itemshow/auth_token.inc             |  4 +-
 .../material-blue/views/itemshow/category.inc |  4 +-
 .../material-blue/views/itemshow/client.inc   |  4 +-
 .../views/itemshow/custom_field.inc           |  2 +-
 .../material-blue/views/itemshow/file.inc     |  2 +-
 .../views/itemshow/item_preset-password.inc   |  2 +-
 .../views/itemshow/item_preset-permission.inc |  8 +-
 .../views/itemshow/item_preset.inc            |  6 +-
 .../views/itemshow/public_link.inc            |  9 +-
 .../material-blue/views/itemshow/tag.inc      |  2 +-
 .../material-blue/views/itemshow/user.inc     | 22 +++--
 .../views/itemshow/user_group.inc             | 25 +++--
 .../views/itemshow/user_pass.inc              |  4 +-
 .../views/itemshow/user_profile.inc           |  2 +-
 .../views/notification/notification.inc       | 37 +++++---
 33 files changed, 239 insertions(+), 143 deletions(-)

diff --git a/app/modules/web/themes/material-blue/views/account/account-editpass.inc b/app/modules/web/themes/material-blue/views/account/account-editpass.inc
index 31e45cd8..498fad52 100644
--- a/app/modules/web/themes/material-blue/views/account/account-editpass.inc
+++ b/app/modules/web/themes/material-blue/views/account/account-editpass.inc
@@ -36,7 +36,7 @@ $accountAcl = $_getvar('accountAcl');
                     <div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">
                         <input id="name" name="name" type="text"
                                class="mdl-textfield__input mdl-color-text--indigo-400"
-                               value="<?php echo htmlentities($accountData->getName()); ?>"
+                               value="<?php echo htmlspecialchars($accountData->getName(), ENT_QUOTES); ?>"
                                readonly>
                         <label class="mdl-textfield__label"
                                for="name"><?php echo __('Account name'); ?></label>
@@ -49,7 +49,7 @@ $accountAcl = $_getvar('accountAcl');
                     <div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">
                         <input id="client" name="client" type="text"
                                class="mdl-textfield__input mdl-color-text--indigo-400"
-                               value="<?php echo htmlentities($accountData->getClientName()); ?>"
+                               value="<?php echo htmlspecialchars($accountData->getClientName(), ENT_QUOTES); ?>"
                                readonly>
                         <label class="mdl-textfield__label"
                                for="client"><?php echo __('Client'); ?></label>
@@ -75,7 +75,7 @@ $accountAcl = $_getvar('accountAcl');
                     <div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">
                         <input id="login" name="login" type="text"
                                class="mdl-textfield__input mdl-color-text--indigo-400"
-                               value="<?php echo htmlentities($accountData->getLogin()); ?>"
+                               value="<?php echo htmlspecialchars($accountData->getLogin(), ENT_QUOTES); ?>"
                                readonly>
                         <label class="mdl-textfield__label"
                                for="login"><?php echo __('User'); ?></label>
diff --git a/app/modules/web/themes/material-blue/views/account/account-history.inc b/app/modules/web/themes/material-blue/views/account/account-history.inc
index bcb26c4c..662c7dfa 100644
--- a/app/modules/web/themes/material-blue/views/account/account-history.inc
+++ b/app/modules/web/themes/material-blue/views/account/account-history.inc
@@ -55,7 +55,7 @@ $accountAcl = $_getvar('accountAcl');
                                        required
                                        class="mdl-textfield__input mdl-color-text--indigo-400"
                                        maxlength="50"
-                                       value="<?php echo htmlentities($accountData->getName()); ?>"
+                                       value="<?php echo htmlspecialchars($accountData->getName(), ENT_QUOTES); ?>"
                                        tabindex="1" readonly>
                                 <label class="mdl-textfield__label"
                                        for="name"><?php echo __('Account name'); ?></label>
@@ -73,7 +73,10 @@ $accountAcl = $_getvar('accountAcl');
                                 <?php /** @var SelectItem $client */
                                 foreach ($_getvar('clients') as $client): ?>
                                     <option
-                                            value="<?php echo $client->getId(); ?>" <?php echo $client->isSelected() ? 'selected' : ''; ?>><?php echo htmlentities($client->getName()); ?></option>
+                                            value="<?php echo $client->getId(); ?>"
+                                        <?php echo $client->isSelected() ? 'selected' : ''; ?>>
+                                        <?php echo htmlspecialchars($client->getName(), ENT_QUOTES); ?>
+                                    </option>
                                 <?php endforeach; ?>
                             </select>
                         </td>
@@ -90,7 +93,10 @@ $accountAcl = $_getvar('accountAcl');
                                 <?php /** @var SelectItem $category */
                                 foreach ($_getvar('categories') as $category): ?>
                                     <option
-                                            value="<?php echo $category->getId(); ?>" <?php echo $category->isSelected() ? 'selected' : ''; ?>><?php echo htmlentities($category->getName()); ?></option>
+                                            value="<?php echo $category->getId(); ?>"
+                                        <?php echo $category->isSelected() ? 'selected' : ''; ?>>
+                                        <?php echo htmlspecialchars($category->getName(), ENT_QUOTES); ?>
+                                    </option>
                                 <?php endforeach; ?>
                             </select>
                         </td>
@@ -116,7 +122,7 @@ $accountAcl = $_getvar('accountAcl');
                                 <input id="login" name="login" type="text"
                                        class="mdl-textfield__input mdl-color-text--indigo-400"
                                        maxlength="50" tabindex="5"
-                                       value="<?php echo htmlentities($accountData->getLogin()); ?>"
+                                       value="<?php echo htmlspecialchars($accountData->getLogin(), ENT_QUOTES); ?>"
                                        readonly>
                                 <label class="mdl-textfield__label"
                                        for="name"><?php echo __('Access user'); ?></label>
@@ -147,7 +153,8 @@ $accountAcl = $_getvar('accountAcl');
                                 rows="3" id="notes"
                                 name="notes" tabindex="9"
                                 maxlength="5000"
-                                readonly><?php echo htmlspecialchars($accountData->getNotes()); ?></textarea>
+                                readonly><?php echo htmlspecialchars($accountData->getNotes(), ENT_QUOTES); ?>
+                        </textarea>
                                 <label class="mdl-textfield__label"
                                        for="notes"><?php echo __('Notes about the account'); ?></label>
                             </div>
@@ -168,7 +175,9 @@ $accountAcl = $_getvar('accountAcl');
                                     foreach ($_getvar('historyData') as $history): ?>
                                         <option
                                                 value="<?php echo $history->getId(); ?>"
-                                            <?php echo $history->isSelected() ? 'selected' : ''; ?>><?php echo htmlentities($history->getName()); ?></option>
+                                            <?php echo $history->isSelected() ? 'selected' : ''; ?>>
+                                            <?php echo htmlspecialchars($history->getName(), ENT_QUOTES); ?>
+                                        </option>
                                     <?php endforeach; ?>
                                 </select>
                             </td>
@@ -177,7 +186,13 @@ $accountAcl = $_getvar('accountAcl');
 
                     <tr>
                         <td class="descField"><?php echo __('Last Modification'); ?></td>
-                        <td class="valField"><?php printf('%s (%s)', $accountData->getDateEdit(), htmlentities($accountData->getUserEditName()) ?: htmlentities($accountData->getUserEditLogin())); ?></td>
+                        <td class="valField">
+                            <?php printf(
+                                    '%s (%s)',
+                                    $accountData->getDateEdit(),
+                                    htmlspecialchars($accountData->getUserEditName(), ENT_QUOTES)
+                                ?: htmlspecialchars($accountData->getUserEditLogin(), ENT_QUOTES)); ?>
+                        </td>
                     </tr>
                 </table>
 
diff --git a/app/modules/web/themes/material-blue/views/account/account-link.inc b/app/modules/web/themes/material-blue/views/account/account-link.inc
index b3339d00..97f1a25c 100644
--- a/app/modules/web/themes/material-blue/views/account/account-link.inc
+++ b/app/modules/web/themes/material-blue/views/account/account-link.inc
@@ -29,7 +29,7 @@ $accountData = $_getvar('accountData');
                         <input id="name" name="name" type="text"
                                class="mdl-textfield__input mdl-color-text--indigo-400"
                                maxlength="50"
-                               value="<?php echo htmlentities($accountData->getName()); ?>"
+                               value="<?php echo htmlspecialchars($accountData->getName(), ENT_QUOTES); ?>"
                                readonly>
                         <label class="mdl-textfield__label"
                                for="name"><?php echo __('Account name'); ?></label>
@@ -42,7 +42,7 @@ $accountData = $_getvar('accountData');
                     <div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">
                         <input id="client" name="client" type="text"
                                class="mdl-textfield__input mdl-color-text--indigo-400"
-                               value="<?php echo htmlentities($accountData->getClientName()); ?>"
+                               value="<?php echo htmlspecialchars($accountData->getClientName(), ENT_QUOTES); ?>"
                                readonly>
                         <label class="mdl-textfield__label"
                                for="client"><?php echo __('Client'); ?></label>
@@ -55,7 +55,7 @@ $accountData = $_getvar('accountData');
                     <div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">
                         <input id="category" name="category" type="text"
                                class="mdl-textfield__input mdl-color-text--indigo-400"
-                               value="<?php echo htmlentities($accountData->getCategoryName()); ?>"
+                               value="<?php echo htmlspecialchars($accountData->getCategoryName(), ENT_QUOTES); ?>"
                                readonly>
                         <label class="mdl-textfield__label"
                                for="category"><?php echo __('Category'); ?></label>
@@ -68,7 +68,7 @@ $accountData = $_getvar('accountData');
                     <div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">
                         <input id="url" name="url" type="text"
                                class="mdl-textfield__input mdl-color-text--indigo-400"
-                               value="<?php echo $accountData->getUrl(); ?>"
+                               value="<?php echo htmlspecialchars($accountData->getUrl(), ENT_QUOTES); ?>"
                                readonly>
                         <label class="mdl-textfield__label"
                                for="url"><?php echo __('URL / IP'); ?></label>
@@ -81,7 +81,7 @@ $accountData = $_getvar('accountData');
                     <div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">
                         <input id="login" name="login" type="text"
                                class="mdl-textfield__input mdl-color-text--indigo-400"
-                               value="<?php echo htmlentities($accountData->getLogin()); ?>"
+                               value="<?php echo htmlspecialchars($accountData->getLogin(), ENT_QUOTES); ?>"
                                readonly>
                         <label class="mdl-textfield__label"
                                for="login"><?php echo __('User'); ?></label>
@@ -97,7 +97,7 @@ $accountData = $_getvar('accountData');
                                 rows="3" id="notes"
                                 name="notes"
                                 maxlength="1000"
-                                readonly><?php echo htmlspecialchars($accountData->getNotes()); ?></textarea>
+                                readonly><?php echo htmlspecialchars($accountData->getNotes(), ENT_QUOTES); ?></textarea>
                         <label class="mdl-textfield__label"
                                for="notes"><?php echo __('Notes about the account'); ?></label>
                     </div>
diff --git a/app/modules/web/themes/material-blue/views/account/account-permissions.inc b/app/modules/web/themes/material-blue/views/account/account-permissions.inc
index b19205aa..2926c007 100644
--- a/app/modules/web/themes/material-blue/views/account/account-permissions.inc
+++ b/app/modules/web/themes/material-blue/views/account/account-permissions.inc
@@ -35,7 +35,7 @@ use SP\Services\Account\AccountAcl;
                                         <?php if ($otherUser->isSkip()): continue; endif; ?>
                                         <option
                                                 value="<?php echo $otherUser->getId(); ?>"
-                                            <?php echo $otherUser->isSelected() ? 'selected' : '' ?>><?php echo htmlentities($otherUser->getName()); ?></option>
+                                            <?php echo $otherUser->isSelected() ? 'selected' : '' ?>><?php echo htmlspecialchars($otherUser->getName(), ENT_QUOTES); ?></option>
                                     <?php endforeach; ?>
                                 </select>
                                 <i class="material-icons select-icon"
@@ -48,7 +48,7 @@ use SP\Services\Account\AccountAcl;
                                         <?php /** @var SelectItem $otherUser */
                                         foreach ($_getvar('otherUsersView') as $otherUser): ?>
                                             <?php if ($otherUser->isSelected()): ?>
-                                                <span class="tag"><?php echo htmlentities($otherUser->getName()); ?></span>
+                                                <span class="tag"><?php echo htmlspecialchars($otherUser->getName(), ENT_QUOTES); ?></span>
                                             <?php endif; ?>
                                         <?php endforeach; ?>
                                     </div>
@@ -68,7 +68,7 @@ use SP\Services\Account\AccountAcl;
                                         <?php if ($otherUser->isSkip()): continue; endif; ?>
                                         <option
                                                 value="<?php echo $otherUser->getId(); ?>"
-                                            <?php echo $otherUser->isSelected() ? 'selected' : '' ?>><?php echo htmlentities($otherUser->getName()); ?></option>
+                                            <?php echo $otherUser->isSelected() ? 'selected' : '' ?>><?php echo htmlspecialchars($otherUser->getName(), ENT_QUOTES); ?></option>
                                     <?php endforeach; ?>
                                 </select>
                                 <i class="material-icons select-icon"
@@ -81,7 +81,7 @@ use SP\Services\Account\AccountAcl;
                                         <?php /** @var SelectItem $otherUser */
                                         foreach ($_getvar('otherUsersEdit') as $otherUser): ?>
                                             <?php if ($otherUser->isSelected()): ?>
-                                                <span class="tag"><?php echo htmlentities($otherUser->getName()); ?></span>
+                                                <span class="tag"><?php echo htmlspecialchars($otherUser->getName(), ENT_QUOTES); ?></span>
                                             <?php endif; ?>
                                         <?php endforeach; ?>
                                     </div>
@@ -107,7 +107,7 @@ use SP\Services\Account\AccountAcl;
                                         <?php if ($otherUserGroup->isSkip()): continue; endif; ?>
                                         <option
                                                 value="<?php echo $otherUserGroup->getId(); ?>"
-                                            <?php echo $otherUserGroup->isSelected() ? 'selected' : '' ?>><?php echo htmlentities($otherUserGroup->getName()); ?></option>
+                                            <?php echo $otherUserGroup->isSelected() ? 'selected' : '' ?>><?php echo htmlspecialchars($otherUserGroup->getName(), ENT_QUOTES); ?></option>
                                     <?php endforeach; ?>
                                 </select>
                                 <i class="material-icons select-icon"
@@ -120,7 +120,7 @@ use SP\Services\Account\AccountAcl;
                                         <?php /** @var SelectItem $otherUserGroup */
                                         foreach ($_getvar('otherUserGroupsView') as $otherUserGroup): ?>
                                             <?php if ($otherUserGroup->isSelected()): ?>
-                                                <span class="tag"><?php echo htmlentities($otherUserGroup->getName()); ?></span>
+                                                <span class="tag"><?php echo htmlspecialchars($otherUserGroup->getName(), ENT_QUOTES); ?></span>
                                             <?php endif; ?>
                                         <?php endforeach; ?>
                                     </div>
@@ -140,7 +140,7 @@ use SP\Services\Account\AccountAcl;
                                         <?php if ($otherUserGroup->isSkip()): continue; endif; ?>
                                         <option
                                                 value="<?php echo $otherUserGroup->getId(); ?>"
-                                            <?php echo $otherUserGroup->isSelected() ? 'selected' : '' ?>><?php echo htmlentities($otherUserGroup->getName()); ?></option>
+                                            <?php echo $otherUserGroup->isSelected() ? 'selected' : '' ?>><?php echo htmlspecialchars($otherUserGroup->getName(), ENT_QUOTES); ?></option>
                                     <?php endforeach; ?>
                                 </select>
                                 <i class="material-icons select-icon"
@@ -153,7 +153,7 @@ use SP\Services\Account\AccountAcl;
                                         <?php /** @var SelectItem $otherUserGroup */
                                         foreach ($_getvar('otherUserGroupsEdit') as $otherUserGroup): ?>
                                             <?php if ($otherUserGroup->isSelected()): ?>
-                                                <span class="tag"><?php echo htmlentities($otherUserGroup->getName()); ?></span>
+                                                <span class="tag"><?php echo htmlspecialchars($otherUserGroup->getName(), ENT_QUOTES); ?></span>
                                             <?php endif; ?>
                                         <?php endforeach; ?>
                                     </div>
@@ -189,7 +189,7 @@ use SP\Services\Account\AccountAcl;
                         foreach ($_getvar('users') as $user): ?>
                             <option
                                     value="<?php echo $user->getId(); ?>"
-                                <?php echo $user->isSelected() ? 'selected' : ''; ?>><?php echo htmlentities($user->getName()); ?></option>
+                                <?php echo $user->isSelected() ? 'selected' : ''; ?>><?php echo htmlspecialchars($user->getName(), ENT_QUOTES); ?></option>
                         <?php endforeach; ?>
                     </select>
                 </td>
@@ -213,7 +213,7 @@ use SP\Services\Account\AccountAcl;
                         foreach ($_getvar('userGroups') as $userGroup): ?>
                             <option
                                     value="<?php echo $userGroup->getId(); ?>"
-                                <?php echo $userGroup->isSelected() ? 'selected' : ''; ?>><?php echo htmlentities($userGroup->getName()); ?></option>
+                                <?php echo $userGroup->isSelected() ? 'selected' : ''; ?>><?php echo htmlspecialchars($userGroup->getName(), ENT_QUOTES); ?></option>
                         <?php endforeach; ?>
                     </select>
                 </td>
diff --git a/app/modules/web/themes/material-blue/views/account/account-request.inc b/app/modules/web/themes/material-blue/views/account/account-request.inc
index 40918324..01d2e018 100644
--- a/app/modules/web/themes/material-blue/views/account/account-request.inc
+++ b/app/modules/web/themes/material-blue/views/account/account-request.inc
@@ -32,7 +32,7 @@ $accountData = $_getvar('accountData');
                     <div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">
                         <input id="name" name="name" type="text"
                                class="mdl-textfield__input mdl-color-text--indigo-400"
-                               value="<?php echo htmlentities($accountData->getName()); ?>"
+                               value="<?php echo htmlspecialchars($accountData->getName(), ENT_QUOTES); ?>"
                                readonly>
                         <label class="mdl-textfield__label"
                                for="name"><?php echo __('Account name'); ?></label>
@@ -45,7 +45,7 @@ $accountData = $_getvar('accountData');
                     <div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">
                         <input id="client" name="client" type="text"
                                class="mdl-textfield__input mdl-color-text--indigo-400"
-                               value="<?php echo htmlentities($accountData->getClientName()); ?>"
+                               value="<?php echo htmlspecialchars($accountData->getClientName(), ENT_QUOTES); ?>"
                                readonly>
                         <label class="mdl-textfield__label"
                                for="client"><?php echo __('Client'); ?></label>
diff --git a/app/modules/web/themes/material-blue/views/account/account.inc b/app/modules/web/themes/material-blue/views/account/account.inc
index 3fbeca71..1038ae6f 100644
--- a/app/modules/web/themes/material-blue/views/account/account.inc
+++ b/app/modules/web/themes/material-blue/views/account/account.inc
@@ -81,7 +81,7 @@ $showCustomFields = count($_getvar('customFields', 0)) > 0;
                                        class="mdl-textfield__input mdl-color-text--indigo-400"
                                        maxlength="100"
                                        value="<?php echo $gotData
-                                           ? htmlentities($accountData->getName())
+                                           ? htmlspecialchars($accountData->getName(), ENT_QUOTES)
                                            : ''; ?>"
                                     <?php echo $_getvar('readonly'); ?>
                                 >
@@ -108,7 +108,7 @@ $showCustomFields = count($_getvar('customFields', 0)) > 0;
                                             ? 'selected'
                                             : ''; ?>
                                     >
-                                        <?php echo $client->getName(); ?>
+                                        <?php echo htmlspecialchars($client->getName(), ENT_QUOTES); ?>
                                     </option>
                                 <?php endforeach; ?>
                             </select>
@@ -140,7 +140,7 @@ $showCustomFields = count($_getvar('customFields', 0)) > 0;
                                             ? 'selected'
                                             : ''; ?>
                                     >
-                                        <?php echo htmlentities($category->getName()); ?>
+                                        <?php echo htmlspecialchars($category->getName(), ENT_QUOTES); ?>
                                     </option>
                                 <?php endforeach; ?>
                             </select>
@@ -180,7 +180,7 @@ $showCustomFields = count($_getvar('customFields', 0)) > 0;
                                        class="mdl-textfield__input mdl-color-text--indigo-400"
                                        maxlength="50"
                                        value="<?php echo $gotData
-                                           ? htmlentities($accountData->getLogin())
+                                           ? htmlspecialchars($accountData->getLogin(), ENT_QUOTES)
                                            : ''; ?>"
                                     <?php echo $_getvar('readonly'); ?>
                                 >
@@ -275,7 +275,7 @@ $showCustomFields = count($_getvar('customFields', 0)) > 0;
                                     foreach ($_getvar('tags') as $tag): ?>
                                         <option value="<?php echo $tag->getId(); ?>"
                                             <?php echo $tag->isSelected() ? 'selected' : ''; ?>>
-                                            <?php echo htmlentities($tag->getName()); ?>
+                                            <?php echo htmlspecialchars($tag->getName(), ENT_QUOTES); ?>
                                         </option>
                                     <?php endforeach; ?>
                                 </select>
@@ -301,7 +301,7 @@ $showCustomFields = count($_getvar('customFields', 0)) > 0;
                                             <?php /** @var SelectItem $tag */
                                             foreach ($_getvar('tags') as $tag): ?>
                                                 <?php if ($tag->isSelected()): ?>
-                                                    <span class="tag"><?php echo htmlentities($tag->getName()); ?></span>
+                                                    <span class="tag"><?php echo htmlspecialchars($tag->getName(), ENT_QUOTES); ?></span>
                                                 <?php endif; ?>
                                             <?php endforeach; ?>
                                         </div>
@@ -345,7 +345,7 @@ $showCustomFields = count($_getvar('customFields', 0)) > 0;
                                     foreach ($_getvar('historyData') as $history): ?>
                                         <option
                                                 value="<?php echo $history->getId(); ?>">
-                                            <?php echo htmlentities($history->getName()); ?>
+                                            <?php echo htmlspecialchars($history->getName(), ENT_QUOTES); ?>
                                         </option>
                                     <?php endforeach; ?>
                                 </select>
@@ -360,7 +360,7 @@ $showCustomFields = count($_getvar('customFields', 0)) > 0;
                             <td class="descField"><?php echo __('Last Modification'); ?></td>
                             <td class="valField"><?php printf('%s (%s)',
                                     $accountData->getDateEdit(),
-                                    $accountData->getUserEditName()); ?>
+                                    htmlspecialchars($accountData->getUserEditName(), ENT_QUOTES)); ?>
                             </td>
                         </tr>
                     <?php endif; ?>
diff --git a/app/modules/web/themes/material-blue/views/account/details.inc b/app/modules/web/themes/material-blue/views/account/details.inc
index 2b180eb6..df7a5833 100644
--- a/app/modules/web/themes/material-blue/views/account/details.inc
+++ b/app/modules/web/themes/material-blue/views/account/details.inc
@@ -38,7 +38,7 @@ use SP\Services\Account\AccountAcl;
                 <td class="valField">
                     <div class="lowres-title"><?php echo __('Last Modification'); ?></div>
 
-                    <?php printf('%s (%s)', $accountData->getDateEdit(), htmlentities($accountData->getUserEditName())); ?>
+                    <?php printf('%s (%s)', $accountData->getDateEdit(), htmlspecialchars($accountData->getUserEditName(), ENT_QUOTES)); ?>
                 </td>
             </tr>
         <?php endif; ?>
@@ -48,7 +48,7 @@ use SP\Services\Account\AccountAcl;
             <td class="valField">
                 <div class="lowres-title"><?php echo __('Owner'); ?></div>
 
-                <?php echo htmlentities($accountData->getUserName()) ?: htmlentities($accountData->getUserLogin()); ?>
+                <?php echo htmlspecialchars($accountData->getUserName(), ENT_QUOTES) ?: htmlspecialchars($accountData->getUserLogin(), ENT_QUOTES); ?>
             </td>
         </tr>
         <tr>
@@ -56,7 +56,7 @@ use SP\Services\Account\AccountAcl;
             <td class="valField">
                 <div class="lowres-title"><?php echo __('Main Group'); ?></div>
 
-                <?php echo htmlentities($accountData->getUserGroupName()); ?>
+                <?php echo htmlspecialchars($accountData->getUserGroupName(), ENT_QUOTES); ?>
             </td>
         </tr>
 
@@ -74,7 +74,7 @@ use SP\Services\Account\AccountAcl;
                 <td class="valField">
                     <div class="lowres-title"><?php echo __('Editor'); ?></div>
 
-                    <?php echo htmlentities($accountData->getUserEditName()) ?: htmlentities($accountData->getUserEditLogin()); ?>
+                    <?php echo htmlspecialchars($accountData->getUserEditName(), ENT_QUOTES) ?: htmlspecialchars($accountData->getUserEditLogin(), ENT_QUOTES); ?>
                 </td>
             </tr>
         <?php endif; ?>
diff --git a/app/modules/web/themes/material-blue/views/account/files-list.inc b/app/modules/web/themes/material-blue/views/account/files-list.inc
index 5c83bb54..c0eb5db5 100644
--- a/app/modules/web/themes/material-blue/views/account/files-list.inc
+++ b/app/modules/web/themes/material-blue/views/account/files-list.inc
@@ -19,14 +19,14 @@ use SP\Html\Html;
             ?>
             <li class="mdl-list__item">
                 <span class="mdl-list__item-primary-content"
-                      title="<?php echo $file->getName(); ?>">
+                      title="<?php echo htmlspecialchars($file->getName(), ENT_QUOTES); ?>">
                     <i class="material-icons  mdl-list__item-icon">attachment</i>
                     <span><?php printf('%s (%d KB)', Html::truncate($file->getName(), 50), $file->getSize() / 1024); ?></span>
                 </span>
 
                 <span class="list-actions">
                     <?php if ($file->getThumb() !== 'no_thumb'): ?>
-                        <span title="<?php echo $file->getName(); ?>"
+                        <span title="<?php echo htmlspecialchars($file->getName(), ENT_QUOTES); ?>"
                               class="btn-action"
                               data-item-id="<?php echo $file->getId(); ?>"
                               data-action-route="<?php echo $_getvar('fileViewRoute'); ?>"
diff --git a/app/modules/web/themes/material-blue/views/account/linkedAccounts.inc b/app/modules/web/themes/material-blue/views/account/linkedAccounts.inc
index a90d7f9e..ee404424 100644
--- a/app/modules/web/themes/material-blue/views/account/linkedAccounts.inc
+++ b/app/modules/web/themes/material-blue/views/account/linkedAccounts.inc
@@ -16,7 +16,7 @@ use SP\Core\UI\ThemeIcons;
                 <li class="mdl-list__item">
                     <span class="btn-action mdl-list__item-primary-content">
                         <i class="material-icons mdl-list__item-icon">layers</i>
-                        <?php printf('%s (%s)', $account->name, $account->clientName); ?>
+                        <?php printf('%s (%s)', htmlspecialchars($account->name, ENT_QUOTES), htmlspecialchars($account->clientName, ENT_QUOTES)); ?>
                     </span>
                     <span class="list-actions">
                         <i class="material-icons btn-action mdl-list__item-icon <?php echo $icons->getIconEdit()->getClass(); ?>"
diff --git a/app/modules/web/themes/material-blue/views/account/search-rows.inc b/app/modules/web/themes/material-blue/views/account/search-rows.inc
index 6e6e83ac..d6b4b492 100644
--- a/app/modules/web/themes/material-blue/views/account/search-rows.inc
+++ b/app/modules/web/themes/material-blue/views/account/search-rows.inc
@@ -43,17 +43,25 @@ $favoriteRouteOff = $_getvar('favoriteRouteOff');
                                title="<?php echo __('Search in Wiki'); ?>">
                                 <span class="mdl-chip mdl-chip--contact">
                                     <span style="background-color: <?php echo $accountSearchItem->getColor(); ?>;"
-                                          class="mdl-chip__contact mdl-color-text--white"><?php echo htmlentities(mb_ucfirst($accountSearchData->getClientName())); ?></span>
+                                          class="mdl-chip__contact mdl-color-text--white">
+                                        <?php echo htmlspecialchars(mb_ucfirst($accountSearchData->getClientName()), ENT_QUOTES); ?>
+                                    </span>
                                     <span class="mdl-chip__text"
-                                          title="<?php echo htmlentities($accountSearchData->getClientName()); ?>"><?php echo htmlentities($accountSearchItem->getShortClientName()); ?></span>
+                                          title="<?php echo htmlspecialchars($accountSearchData->getClientName(), ENT_QUOTES); ?>">
+                                        <?php echo htmlspecialchars($accountSearchItem->getShortClientName(), ENT_QUOTES); ?>
+                                    </span>
                                 </span>
                             </a>
                         <?php else: ?>
                             <span class="mdl-chip mdl-chip--contact">
                                 <span style="background-color: <?php echo $accountSearchItem->getColor(); ?>;"
-                                      class="mdl-chip__contact mdl-color-text--white"><?php echo htmlentities(mb_ucfirst($accountSearchData->getClientName())); ?></span>
+                                      class="mdl-chip__contact mdl-color-text--white">
+                                    <?php echo htmlspecialchars(mb_ucfirst($accountSearchData->getClientName()), ENT_QUOTES); ?>
+                                </span>
                                 <span class="mdl-chip__text"
-                                      title="<?php echo htmlentities($accountSearchData->getClientName()); ?>"><?php echo htmlentities($accountSearchItem->getShortClientName()); ?></span>
+                                      title="<?php echo htmlspecialchars($accountSearchData->getClientName(), ENT_QUOTES); ?>">
+                                    <?php echo htmlspecialchars($accountSearchItem->getShortClientName(), ENT_QUOTES); ?>
+                                </span>
                             </span>
                         <?php endif; ?>
                     </div>
@@ -67,23 +75,27 @@ $favoriteRouteOff = $_getvar('favoriteRouteOff');
                                class="btn-action"
                                data-action-route="<?php echo $_getvar('viewAccountRoute'); ?>"
                                data-item-id="<?php echo $accountSearchData->getId(); ?>"
-                               data-onclick="account/view"><?php echo $accountSearchData->getName(); ?></a>
+                               data-onclick="account/view"><?php echo htmlspecialchars(accountSearchData->getName(), ENT_QUOTES); ?></a>
                         <?php else: ?>
                             <div class="field-text">
-                                <?php echo htmlentities($accountSearchData->getName()); ?>
+                                <?php echo htmlspecialchars($accountSearchData->getName(), ENT_QUOTES); ?>
                             </div>
                         <?php endif; ?>
                     </div>
 
                     <div class="field-category field-text label-field">
                         <div class="field-name"><?php echo __('Category'); ?></div>
-                        <div class="field-text"><?php echo htmlentities($accountSearchData->getCategoryName()); ?></div>
+                        <div class="field-text">
+                            <?php echo htmlspecialchars($accountSearchData->getCategoryName(), ENT_QUOTES); ?>
+                        </div>
                     </div>
 
                     <?php if ($accountSearchItem->isShow()): ?>
                         <div class="field-user field-text label-field">
                             <div class="field-name"><?php echo __('User'); ?></div>
-                            <div class="field-text"><?php echo htmlentities($accountSearchItem->getShortLogin()); ?></div>
+                            <div class="field-text">
+                                <?php echo htmlspecialchars($accountSearchItem->getShortLogin(), ENT_QUOTES); ?>
+                            </div>
                         </div>
 
                         <div class="field-url field-text label-field">
@@ -91,7 +103,9 @@ $favoriteRouteOff = $_getvar('favoriteRouteOff');
                             <?php if ($accountSearchItem->isUrlIslink()): ?>
                                 <a href="<?php echo $accountSearchData->getUrl(); ?>"
                                    target="_blank"
-                                   title="<?php printf(__('Open link to: %s'), $accountSearchData->getUrl()); ?>"><?php echo $accountSearchItem->getShortUrl(); ?></a>
+                                   title="<?php printf(__('Open link to: %s'), $accountSearchData->getUrl()); ?>">
+                                    <?php echo $accountSearchItem->getShortUrl(); ?>
+                                </a>
                             <?php else: ?>
                                 <div class="field-text"><?php echo $accountSearchItem->getShortUrl(); ?></div>
                             <?php endif; ?>
@@ -105,7 +119,9 @@ $favoriteRouteOff = $_getvar('favoriteRouteOff');
                     <div class="tags-box">
                         <?php foreach ($accountSearchItem->getTags() as $tag): ?>
                             <span class="tag"
-                                  data-tag-id="<?php echo $tag->id; ?>"><?php echo htmlentities($tag->name); ?></span>
+                                  data-tag-id="<?php echo $tag->id; ?>">
+                                <?php echo htmlspecialchars($tag->name, ENT_QUOTES); ?>
+                            </span>
                         <?php endforeach; ?>
                     </div>
                 </div>
@@ -119,7 +135,9 @@ $favoriteRouteOff = $_getvar('favoriteRouteOff');
                                 <?php echo $icons->getIconWarning()->getIcon(); ?></i>
                             <span
                                     for="icon-expired-<?php echo $accountSearchData->getId(); ?>"
-                                    class="mdl-tooltip mdl-tooltip--top"><?php echo __('Password Expired'); ?></span>
+                                    class="mdl-tooltip mdl-tooltip--top">
+                                <?php echo __('Password Expired'); ?>
+                            </span>
                         <?php endif; ?>
 
                         <?php if ($accountSearchData->getIsPrivate() === 1): ?>
@@ -127,13 +145,17 @@ $favoriteRouteOff = $_getvar('favoriteRouteOff');
                                class="material-icons">lock</i>
                             <span
                                     for="icon-private-<?php echo $accountSearchData->getId(); ?>"
-                                    class="mdl-tooltip mdl-tooltip--top"><?php echo __('Private Account'); ?></span>
+                                    class="mdl-tooltip mdl-tooltip--top">
+                                <?php echo __('Private Account'); ?>
+                            </span>
                         <?php elseif ($accountSearchData->getIsPrivateGroup() === 1): ?>
                             <i id="icon-private-<?php echo $accountSearchData->getId(); ?>"
                                class="material-icons">lock_open</i>
                             <span
                                     for="icon-private-<?php echo $accountSearchData->getId(); ?>"
-                                    class="mdl-tooltip mdl-tooltip--top"><?php echo __('Private Account (Group)'); ?></span>
+                                    class="mdl-tooltip mdl-tooltip--top">
+                                <?php echo __('Private Account (Group)'); ?>
+                            </span>
                         <?php else: ?>
                             <i id="accesses-<?php echo $accountSearchData->getId(); ?>"
                                class="material-icons">face</i>
@@ -158,7 +180,9 @@ $favoriteRouteOff = $_getvar('favoriteRouteOff');
                                data-status="<?php echo 'on'; ?>">star</i>
                             <span
                                     for="btn-favorite-<?php echo $accountSearchData->getId(); ?>"
-                                    class="mdl-tooltip mdl-tooltip--top"><?php echo __('Delete Favorite'); ?></span>
+                                    class="mdl-tooltip mdl-tooltip--top">
+                                <?php echo __('Delete Favorite'); ?>
+                            </span>
                         <?php else: ?>
                             <i id="btn-favorite-<?php echo $accountSearchData->getId(); ?>"
                                class="material-icons icon-favorite"
@@ -168,7 +192,9 @@ $favoriteRouteOff = $_getvar('favoriteRouteOff');
                                data-status="<?php echo 'off'; ?>">star_border</i>
                             <span
                                     for="btn-favorite-<?php echo $accountSearchData->getId(); ?>"
-                                    class="mdl-tooltip mdl-tooltip--top"><?php echo __('Mark as Favorite'); ?></span>
+                                    class="mdl-tooltip mdl-tooltip--top">
+                                <?php echo __('Mark as Favorite'); ?>
+                            </span>
                         <?php endif; ?>
 
                         <?php if ($accountSearchData->getNotes() !== ''): ?>
@@ -191,7 +217,11 @@ $favoriteRouteOff = $_getvar('favoriteRouteOff');
                             <div class="mdl-tooltip mdl-tooltip--top"
                                  for="attachments-<?php echo $accountSearchData->getId(); ?>">
                                 <div class="tooltip-text">
-                                    <?php printf('%s: %d', __('Attachments'), $accountSearchItem->getNumFiles()); ?>
+                                    <?php printf(
+                                            '%s: %d',
+                                        __('Attachments'),
+                                        $accountSearchItem->getNumFiles()
+                                    ); ?>
                                 </div>
                             </div>
                         <?php endif; ?>
@@ -204,9 +234,17 @@ $favoriteRouteOff = $_getvar('favoriteRouteOff');
                                 <div class="tooltip-text">
                                     <p class="tooltip-header"><?php echo __('Public Link'); ?></p>
                                     <p>
-                                        <?php printf('%s: %s', __('Expiry Date'), DateUtil::getDateFromUnix($accountSearchData->getPublicLinkDateExpire())); ?>
+                                        <?php printf(
+                                                '%s: %s',
+                                            __('Expiry Date'),
+                                            DateUtil::getDateFromUnix($accountSearchData->getPublicLinkDateExpire())
+                                        ); ?>
                                         <br>
-                                        <?php printf('%s: %s', __('Visits'), $accountSearchData->getPublicLinkTotalCountViews()); ?>
+                                        <?php printf(
+                                                '%s: %s',
+                                                __('Visits'),
+                                                $accountSearchData->getPublicLinkTotalCountViews()
+                                        ); ?>
                                     </p>
                                 </div>
                             </div>
@@ -215,7 +253,7 @@ $favoriteRouteOff = $_getvar('favoriteRouteOff');
                         <?php if ($wikiFilter
                             && $accountSearchItem->isWikiMatch($wikiFilter)): ?>
                             <?php if (AccountSearchItem::$dokuWikiEnabled): ?>
-                                <a href="<?php echo $_getvar('wikiPageUrl'), $accountSearchData->getName(); ?>"
+                                <a href="<?php echo $_getvar('wikiPageUrl'), urldecode($accountSearchData->getName()); ?>"
                                    target="_blank">
                                     <i class="material-icons"
                                        title="<?php echo __('Link to Wiki'); ?>">library_books</i>
@@ -223,10 +261,10 @@ $favoriteRouteOff = $_getvar('favoriteRouteOff');
                                 <i class="btn-action material-icons fg-green100"
                                    title="<?php echo __('View at Wiki'); ?>"
                                    data-action-route="<?php echo ActionsInterface::WIKI_VIEW; ?>"
-                                   data-pagename="<?php echo $accountSearchData->getName(); ?>"
+                                   data-pagename="<?php echo htmlspecialchars($accountSearchData->getName(), ENT_QUOTES); ?>"
                                    data-onclick="wiki/show">library_books</i>
                             <?php else: ?>
-                                <a href="<?php echo $_getvar('wikiPageUrl'), $accountSearchData->getName(); ?>"
+                                <a href="<?php echo $_getvar('wikiPageUrl'), urlencode($accountSearchData->getName()); ?>"
                                    target="_blank">
                                     <i class="material-icons"
                                        title="<?php echo __('Link to Wiki'); ?>">library_books</i>
@@ -247,7 +285,9 @@ $favoriteRouteOff = $_getvar('favoriteRouteOff');
                                class="btn-action material-icons <?php echo $action->getClassesAsString(), ' ', $action->getIcon()->getClass(); ?>"
                                data-item-id="<?php echo $accountSearchData->getId(); ?>"
                                data-parent-id="<?php echo $accountSearchData->getParentId(); ?>"
-                                <?php foreach ($action->getData() as $dataName => $dataValue): printf('data-%s="%s"', $dataName, $dataValue); endforeach; ?>>
+                                <?php foreach ($action->getData() as $dataName => $dataValue):
+                                    printf('data-%s="%s"', $dataName, $dataValue);
+                                endforeach; ?>>
                                 <?php echo $action->getIcon()->getIcon(); ?></i>
                             <span
                                     for="<?php echo $actionUid; ?>"
@@ -270,9 +310,13 @@ $favoriteRouteOff = $_getvar('favoriteRouteOff');
                                         <li class="btn-action mdl-menu__item <?php echo $actionMenu->getClassesAsString(); ?>"
                                             data-item-id="<?php echo $accountSearchData->getId(); ?>"
                                             data-parent-id="<?php echo $accountSearchData->getParentId(); ?>"
-                                            <?php foreach ($actionMenu->getData() as $dataName => $dataValue): printf('data-%s="%s"', $dataName, $dataValue); endforeach; ?>>
+                                            <?php foreach ($actionMenu->getData() as $dataName => $dataValue):
+                                                printf('data-%s="%s"', $dataName, $dataValue);
+                                            endforeach; ?>>
                                             <i class="material-icons <?php echo $actionMenu->getIcon()->getClass(); ?>"
-                                               title="<?php echo $actionMenu->getTitle(); ?>"><?php echo $actionMenu->getIcon()->getIcon(); ?></i>
+                                               title="<?php echo $actionMenu->getTitle(); ?>">
+                                                <?php echo $actionMenu->getIcon()->getIcon(); ?>
+                                            </i>
                                             <?php echo $actionMenu->getName(); ?>
                                         </li>
                                     <?php endforeach; ?>
diff --git a/app/modules/web/themes/material-blue/views/account/search-searchbox.inc b/app/modules/web/themes/material-blue/views/account/search-searchbox.inc
index c32cb7ff..06ddfa27 100644
--- a/app/modules/web/themes/material-blue/views/account/search-searchbox.inc
+++ b/app/modules/web/themes/material-blue/views/account/search-searchbox.inc
@@ -43,7 +43,7 @@ $pager = $data->getPager();
                 <?php /** @var SelectItem $client */
                 foreach ($_getvar('clients') as $client): ?>
                     <option
-                            value="<?php echo $client->getId(); ?>" <?php echo $client->isSelected() ? 'selected' : ''; ?>><?php echo htmlentities($client->getName()); ?></option>
+                            value="<?php echo $client->getId(); ?>" <?php echo $client->isSelected() ? 'selected' : ''; ?>><?php echo htmlspecialchars($client->getName(), ENT_QUOTES); ?></option>
                 <?php endforeach; ?>
             </select>
 
@@ -53,7 +53,7 @@ $pager = $data->getPager();
                 <?php /** @var SelectItem $category */
                 foreach ($_getvar('categories') as $category): ?>
                     <option
-                            value="<?php echo $category->getId(); ?>" <?php echo $category->isSelected() ? 'selected' : ''; ?>><?php echo htmlentities($category->getName()); ?></option>
+                            value="<?php echo $category->getId(); ?>" <?php echo $category->isSelected() ? 'selected' : ''; ?>><?php echo htmlspecialchars($category->getName(), ENT_QUOTES); ?></option>
                 <?php endforeach; ?>
             </select>
         </div>
@@ -134,7 +134,7 @@ $pager = $data->getPager();
                 <?php /** @var SelectItem $tag */
                 foreach ($_getvar('tags') as $tag): ?>
                     <option
-                            value="<?php echo $tag->getId(); ?>" <?php echo $tag->isSelected() ? 'selected' : ''; ?>><?php echo htmlentities($tag->getName()); ?></option>
+                            value="<?php echo $tag->getId(); ?>" <?php echo $tag->isSelected() ? 'selected' : ''; ?>><?php echo htmlspecialchars($tag->getName(), ENT_QUOTES); ?></option>
                 <?php endforeach; ?>
             </select>
         </div>
diff --git a/app/modules/web/themes/material-blue/views/common/aux-customfields.inc b/app/modules/web/themes/material-blue/views/common/aux-customfields.inc
index 98c2b51c..5b45f7ab 100644
--- a/app/modules/web/themes/material-blue/views/common/aux-customfields.inc
+++ b/app/modules/web/themes/material-blue/views/common/aux-customfields.inc
@@ -15,7 +15,7 @@ $customFields = $_getvar('customFields');
 foreach ($customFields as $index => $field):?>
     <tr>
         <td class="descField">
-            <?php echo $field->definitionName; ?>
+            <?php echo htmlspecialchars($field->definitionName, ENT_QUOTES); ?>
             <?php if ($field->isEncrypted && $field->isValueEncrypted === true): ?>
                 <i class="icon material-icons mdl-color-text--teal-500"
                    title="<?php echo __('Encrypted'); ?>">
@@ -58,7 +58,7 @@ foreach ($customFields as $index => $field):?>
                            maxlength="500"
                            value="<?php echo !$_getvar('showViewCustomPass') && !empty($field->value) ? '***' : htmlspecialchars($field->value, ENT_QUOTES); ?>" <?php echo $field->required ? 'required' : ''; ?> <?php echo $_getvar('readonly'); ?>>
                     <label class="mdl-textfield__label"
-                           for="<?php echo $field->formId; ?>"><?php echo $field->definitionName; ?></label>
+                           for="<?php echo $field->formId; ?>"><?php echo htmlspecialchars($field->definitionName, ENT_QUOTES); ?></label>
                 </div>
             <?php elseif ($field->typeName === 'textarea'): ?>
                 <div class="mdl-textfield mdl-js-textfield">
@@ -68,7 +68,7 @@ foreach ($customFields as $index => $field):?>
                             name="customfield[<?php echo $field->definitionId; ?>]"
                             id="<?php echo $field->formId; ?>" <?php echo $_getvar('readonly'); ?>><?php echo htmlspecialchars($field->value, ENT_QUOTES); ?></textarea>
                     <label class="mdl-textfield__label"
-                           for="<?php echo $field->formId; ?>"><?php echo $field->definitionName; ?></label>
+                           for="<?php echo $field->formId; ?>"><?php echo htmlspecialchars($field->definitionName, ENT_QUOTES); ?></label>
                 </div>
             <?php else: ?>
                 <div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">
@@ -79,7 +79,7 @@ foreach ($customFields as $index => $field):?>
                            maxlength="500"
                            value="<?php echo htmlspecialchars($field->value, ENT_QUOTES); ?>" <?php echo $field->required ? 'required' : ''; ?> <?php echo $_getvar('readonly'); ?>>
                     <label class="mdl-textfield__label"
-                           for="<?php echo $field->formId; ?>"><?php echo $field->definitionName; ?></label>
+                           for="<?php echo $field->formId; ?>"><?php echo htmlspecialchars($field->definitionName, ENT_QUOTES); ?></label>
                 </div>
             <?php endif; ?>
         </td>
diff --git a/app/modules/web/themes/material-blue/views/config/encryption.inc b/app/modules/web/themes/material-blue/views/config/encryption.inc
index d037f2bb..0eb67ca6 100644
--- a/app/modules/web/themes/material-blue/views/config/encryption.inc
+++ b/app/modules/web/themes/material-blue/views/config/encryption.inc
@@ -306,7 +306,7 @@ $disabled = $configData->isMaintenance() ? '' : 'disabled';
                     <?php /** @var SelectItem $userGroup */
                     foreach ($_getvar('userGroups') as $userGroup): ?>
                         <option
-                                value="<?php echo $userGroup->getId(); ?>"><?php echo htmlentities($userGroup->getName()); ?></option>
+                                value="<?php echo $userGroup->getId(); ?>"><?php echo htmlspecialchars($userGroup->getName(), ENT_QUOTES); ?></option>
                     <?php endforeach; ?>
                 </select>
             </td>
diff --git a/app/modules/web/themes/material-blue/views/config/general-auth.inc b/app/modules/web/themes/material-blue/views/config/general-auth.inc
index acb2c40f..7838755c 100644
--- a/app/modules/web/themes/material-blue/views/config/general-auth.inc
+++ b/app/modules/web/themes/material-blue/views/config/general-auth.inc
@@ -100,7 +100,7 @@ use SP\Mvc\View\Template;
                 <?php /** @var SelectItem $userGroup */
                 foreach ($_getvar('userGroups') as $userGroup): ?>
                     <option
-                            value="<?php echo $userGroup->getId(); ?>" <?php echo $userGroup->getId() === $configData->getSsoDefaultGroup() ? 'selected' : ''; ?>><?php echo htmlentities($userGroup->getName()); ?></option>
+                            value="<?php echo $userGroup->getId(); ?>" <?php echo $userGroup->getId() === $configData->getSsoDefaultGroup() ? 'selected' : ''; ?>><?php echo htmlspecialchars($userGroup->getName(), ENT_QUOTES); ?></option>
                 <?php endforeach; ?>
             </select>
         </td>
@@ -126,7 +126,7 @@ use SP\Mvc\View\Template;
                 <?php /** @var SelectItem $userProfile */
                 foreach ($_getvar('userProfiles') as $userProfile): ?>
                     <option
-                            value="<?php echo $userProfile->getId(); ?>" <?php echo ($userProfile->getId() === $configData->getSsoDefaultProfile()) ? 'selected' : ''; ?>><?php echo htmlentities($userProfile->getName()); ?></option>
+                            value="<?php echo $userProfile->getId(); ?>" <?php echo ($userProfile->getId() === $configData->getSsoDefaultProfile()) ? 'selected' : ''; ?>><?php echo htmlspecialchars($userProfile->getName(), ENT_QUOTES); ?></option>
                 <?php endforeach; ?>
             </select>
         </td>
diff --git a/app/modules/web/themes/material-blue/views/config/import.inc b/app/modules/web/themes/material-blue/views/config/import.inc
index b028ade5..335102e4 100644
--- a/app/modules/web/themes/material-blue/views/config/import.inc
+++ b/app/modules/web/themes/material-blue/views/config/import.inc
@@ -40,7 +40,7 @@ use SP\Mvc\View\Template;
                 foreach ($_getvar('users') as $user): ?>
                     <option
                             value="<?php echo $user->getId(); ?>" <?php echo $user->isSelected() ? 'selected' : ''; ?>>
-                        <?php echo htmlentities($user->getName()); ?>
+                        <?php echo htmlspecialchars($user->getName(), ENT_QUOTES); ?>
                     </option>
                 <?php endforeach; ?>
             </select>
@@ -68,7 +68,7 @@ use SP\Mvc\View\Template;
                 foreach ($_getvar('userGroups') as $userGroup): ?>
                     <option
                             value="<?php echo $userGroup->getId(); ?>" <?php echo $userGroup->isSelected() ? 'selected' : ''; ?>>
-                        <?php echo htmlentities($userGroup->getName()); ?>
+                        <?php echo htmlspecialchars($userGroup->getName(), ENT_QUOTES); ?>
                     </option>
                 <?php endforeach; ?>
             </select>
diff --git a/app/modules/web/themes/material-blue/views/config/ldap.inc b/app/modules/web/themes/material-blue/views/config/ldap.inc
index f227ec05..cc08965c 100644
--- a/app/modules/web/themes/material-blue/views/config/ldap.inc
+++ b/app/modules/web/themes/material-blue/views/config/ldap.inc
@@ -322,7 +322,7 @@ use SP\Mvc\View\Template;
                         <option
                                 value="<?php echo $userGroup->getId(); ?>"
                             <?php echo $userGroup->getId() === $configData->getLdapDefaultGroup() ? 'selected' : ''; ?>>
-                            <?php echo htmlentities($userGroup->getName()); ?>
+                            <?php echo htmlspecialchars($userGroup->getName(), ENT_QUOTES); ?>
                         </option>
                     <?php endforeach; ?>
                 </select>
@@ -353,7 +353,7 @@ use SP\Mvc\View\Template;
                         <option
                                 value="<?php echo $userProfile->getId(); ?>"
                             <?php echo ($userProfile->getId() === $configData->getLdapDefaultProfile()) ? 'selected' : ''; ?>>
-                            <?php echo htmlentities($userProfile->getName()); ?>
+                            <?php echo htmlspecialchars($userProfile->getName(), ENT_QUOTES); ?>
                         </option>
                     <?php endforeach; ?>
                 </select>
@@ -461,9 +461,9 @@ use SP\Mvc\View\Template;
                     <?php /** @var SelectItem $userAttribute */
                     foreach ($_getvar('userAttributes') as $userAttribute): ?>
                         <option
-                                value="<?php echo htmlentities($userAttribute->getName()); ?>"
+                                value="<?php echo $userAttribute->getName(); ?>"
                             <?php echo $userAttribute->isSelected() ? 'selected' : ''; ?>>
-                            <?php echo htmlentities($userAttribute->getName()); ?>
+                            <?php echo $userAttribute->getName(); ?>
                         </option>
                     <?php endforeach; ?>
                 </select>
@@ -495,9 +495,9 @@ use SP\Mvc\View\Template;
                     <?php /** @var SelectItem $groupAttribute */
                     foreach ($_getvar('groupAttributes') as $groupAttribute): ?>
                         <option
-                                value="<?php echo htmlentities($groupAttribute->getName()); ?>"
+                                value="<?php echo $groupAttribute->getName(); ?>"
                             <?php echo $groupAttribute->isSelected() ? 'selected' : ''; ?>>
-                            <?php echo htmlentities($groupAttribute->getName()); ?>
+                            <?php echo $groupAttribute->getName(); ?>
                         </option>
                     <?php endforeach; ?>
                 </select>
diff --git a/app/modules/web/themes/material-blue/views/config/wiki-dokuwiki.inc b/app/modules/web/themes/material-blue/views/config/wiki-dokuwiki.inc
index 24db080b..075b40c2 100644
--- a/app/modules/web/themes/material-blue/views/config/wiki-dokuwiki.inc
+++ b/app/modules/web/themes/material-blue/views/config/wiki-dokuwiki.inc
@@ -180,7 +180,7 @@ use SP\Mvc\View\Template;
                            type="text"
                            class="mdl-textfield__input mdl-color-text--indigo-400"
                            maxlength="128"
-                           value="<?php echo $configData->getDokuwikiNamespace(); ?>"/>
+                           value="<?php echo htmlspecialchars($configData->getDokuwikiNamespace(), ENT_QUOTES); ?>"/>
                     <label class="mdl-textfield__label"
                            for="dokuwiki_namespace"><?php echo __('Namespace'); ?></label>
                 </div>
diff --git a/app/modules/web/themes/material-blue/views/itemshow/account_bulkedit.inc b/app/modules/web/themes/material-blue/views/itemshow/account_bulkedit.inc
index 2d360133..a4bfc97b 100644
--- a/app/modules/web/themes/material-blue/views/itemshow/account_bulkedit.inc
+++ b/app/modules/web/themes/material-blue/views/itemshow/account_bulkedit.inc
@@ -50,7 +50,7 @@ use SP\Mvc\View\Template;
                                 <option value=""><?php echo __('Select Client'); ?></option>
                                 <?php foreach ($_getvar('clients') as $client): ?>
                                     <option
-                                            value="<?php echo $client->getId(); ?>"><?php echo htmlentities($client->getName()); ?></option>
+                                            value="<?php echo $client->getId(); ?>"><?php echo htmlspecialchars($client->getName(), ENT_QUOTES); ?></option>
                                 <?php endforeach; ?>
                             </select>
                         </td>
@@ -66,7 +66,7 @@ use SP\Mvc\View\Template;
                                 <option value=""><?php echo __('Select Category'); ?></option>
                                 <?php foreach ($_getvar('categories') as $category): ?>
                                     <option
-                                            value="<?php echo $category->getId(); ?>"><?php echo htmlentities($category->getName()); ?></option>
+                                            value="<?php echo $category->getId(); ?>"><?php echo htmlspecialchars($category->getName(), ENT_QUOTES); ?></option>
                                 <?php endforeach; ?>
                             </select>
                         </td>
@@ -82,7 +82,7 @@ use SP\Mvc\View\Template;
                                 <option value=""><?php echo __('Select User'); ?></option>
                                 <?php foreach ($_getvar('users') as $user): ?>
                                     <option
-                                            value="<?php echo $user->getId(); ?>"><?php echo htmlentities($user->getName()); ?></option>
+                                            value="<?php echo $user->getId(); ?>"><?php echo htmlspecialchars($user->getName(), ENT_QUOTES); ?></option>
                                 <?php endforeach; ?>
                             </select>
                         </td>
@@ -98,7 +98,7 @@ use SP\Mvc\View\Template;
                                 <option value=""><?php echo __('Select Group'); ?></option>
                                 <?php foreach ($_getvar('userGroups') as $group): ?>
                                     <option
-                                            value="<?php echo $group->getId(); ?>"><?php echo htmlentities($group->getName()); ?></option>
+                                            value="<?php echo $group->getId(); ?>"><?php echo htmlspecialchars($group->getName(), ENT_QUOTES); ?></option>
                                 <?php endforeach; ?>
                             </select>
                         </td>
@@ -111,7 +111,7 @@ use SP\Mvc\View\Template;
                                     class="select-box-tags">
                                 <option value=""><?php echo __('Select Tags'); ?></option>
                                 <?php foreach ($_getvar('tags') as $tag): ?>
-                                    <option value="<?php echo $tag->getId(); ?>"><?php echo htmlentities($tag->getName()); ?></option>
+                                    <option value="<?php echo $tag->getId(); ?>"><?php echo htmlspecialchars($tag->getName(), ENT_QUOTES); ?></option>
                                 <?php endforeach; ?>
                             </select>
                         </td>
@@ -135,7 +135,7 @@ use SP\Mvc\View\Template;
                                         <option value=""><?php echo __('Select Users'); ?></option>
                                         <?php foreach ($_getvar('users') as $user): ?>
                                             <option
-                                                    value="<?php echo $user->getId(); ?>"><?php echo htmlentities($user->getName()); ?></option>
+                                                    value="<?php echo $user->getId(); ?>"><?php echo htmlspecialchars($user->getName(), ENT_QUOTES); ?></option>
                                         <?php endforeach; ?>
                                     </select>
 
@@ -160,7 +160,7 @@ use SP\Mvc\View\Template;
                                         <option value=""><?php echo __('Select Users'); ?></option>
                                         <?php foreach ($_getvar('users') as $user): ?>
                                             <option
-                                                    value="<?php echo $user->getId(); ?>"><?php echo htmlentities($user->getName()); ?></option>
+                                                    value="<?php echo $user->getId(); ?>"><?php echo htmlspecialchars($user->getName(), ENT_QUOTES); ?></option>
                                         <?php endforeach; ?>
                                     </select>
 
@@ -192,7 +192,7 @@ use SP\Mvc\View\Template;
                                         <option value=""><?php echo __('Select Groups'); ?></option>
                                         <?php foreach ($_getvar('userGroups') as $userGroup): ?>
                                             <option
-                                                    value="<?php echo $userGroup->getId(); ?>"><?php echo htmlentities($userGroup->getName()); ?></option>
+                                                    value="<?php echo $userGroup->getId(); ?>"><?php echo htmlspecialchars($userGroup->getName(), ENT_QUOTES); ?></option>
                                         <?php endforeach; ?>
                                     </select>
 
@@ -217,7 +217,7 @@ use SP\Mvc\View\Template;
                                         <option value=""><?php echo __('Select Groups'); ?></option>
                                         <?php foreach ($_getvar('userGroups') as $userGroup): ?>
                                             <option
-                                                    value="<?php echo $userGroup->getId(); ?>"><?php echo htmlentities($userGroup->getName()); ?></option>
+                                                    value="<?php echo $userGroup->getId(); ?>"><?php echo htmlspecialchars($userGroup->getName(), ENT_QUOTES); ?></option>
                                         <?php endforeach; ?>
                                     </select>
 
diff --git a/app/modules/web/themes/material-blue/views/itemshow/auth_token.inc b/app/modules/web/themes/material-blue/views/itemshow/auth_token.inc
index deb3d5fd..b38e1443 100644
--- a/app/modules/web/themes/material-blue/views/itemshow/auth_token.inc
+++ b/app/modules/web/themes/material-blue/views/itemshow/auth_token.inc
@@ -34,7 +34,7 @@ $authToken = $_getvar('authToken');
                         <option value=""><?php echo __('Select User'); ?></option>
                         <?php /** @var SelectItem $user */
                         foreach ($_getvar('users') as $user): ?>
-                            <option value="<?php echo $user->getId(); ?>" <?php echo $user->isSelected() ? 'selected' : ''; ?>><?php printf('%s (%s)', htmlentities($user->getName()), htmlentities($user->getItemProperty('login'))); ?></option>
+                            <option value="<?php echo $user->getId(); ?>" <?php echo $user->isSelected() ? 'selected' : ''; ?>><?php printf('%s (%s)', htmlspecialchars($user->getName(), ENT_QUOTES), htmlspecialchars($user->getItemProperty('login'), ENT_QUOTES)); ?></option>
                         <?php endforeach; ?>
                     </select>
                 </td>
@@ -50,7 +50,7 @@ $authToken = $_getvar('authToken');
                         <option value=""><?php echo __('Select Action'); ?></option>
                         <?php /** @var SelectItem $action */
                         foreach ($_getvar('actions') as $action): ?>
-                            <option value="<?php echo $action->getId(); ?>" <?php echo $action->isSelected() ? 'selected' : ''; ?>><?php echo htmlentities($action->getName()); ?></option>
+                            <option value="<?php echo $action->getId(); ?>" <?php echo $action->isSelected() ? 'selected' : ''; ?>><?php echo htmlspecialchars($action->getName(), ENT_QUOTES); ?></option>
                         <?php endforeach; ?>
                     </select>
                 </td>
diff --git a/app/modules/web/themes/material-blue/views/itemshow/category.inc b/app/modules/web/themes/material-blue/views/itemshow/category.inc
index 9d0d286b..8ded44fb 100644
--- a/app/modules/web/themes/material-blue/views/itemshow/category.inc
+++ b/app/modules/web/themes/material-blue/views/itemshow/category.inc
@@ -31,7 +31,7 @@ $category = $_getvar('category');
                         <input id="name" name="name" type="text" required
                                class="mdl-textfield__input mdl-color-text--indigo-400"
                                maxlength="50"
-                               value="<?php echo htmlentities($category->getName()); ?>">
+                               value="<?php echo htmlspecialchars($category->getName(), ENT_QUOTES); ?>">
                         <label class="mdl-textfield__label"
                                for="name"><?php echo __('Category name'); ?></label>
                     </div>
@@ -44,7 +44,7 @@ $category = $_getvar('category');
                         <input id="description" name="description" type="text"
                                class="mdl-textfield__input mdl-color-text--indigo-400"
                                maxlength="50"
-                               value="<?php echo htmlentities($category->getDescription()); ?>">
+                               value="<?php echo htmlspecialchars($category->getDescription(), ENT_QUOTES); ?>">
                         <label class="mdl-textfield__label"
                                for="description"><?php echo __('Category description'); ?></label>
                     </div>
diff --git a/app/modules/web/themes/material-blue/views/itemshow/client.inc b/app/modules/web/themes/material-blue/views/itemshow/client.inc
index f712e907..21f3ea08 100644
--- a/app/modules/web/themes/material-blue/views/itemshow/client.inc
+++ b/app/modules/web/themes/material-blue/views/itemshow/client.inc
@@ -31,7 +31,7 @@ $client = $_getvar('client');
                         <input id="name" name="name" type="text" required
                                class="mdl-textfield__input mdl-color-text--indigo-400"
                                maxlength="50"
-                               value="<?php echo htmlentities($client->getName()); ?>">
+                               value="<?php echo htmlspecialchars($client->getName(), ENT_QUOTES); ?>">
                         <label class="mdl-textfield__label"
                                for="name"><?php echo __('Client name'); ?></label>
                     </div>
@@ -45,7 +45,7 @@ $client = $_getvar('client');
                         <input id="description" name="description" type="text"
                                class="mdl-textfield__input mdl-color-text--indigo-400"
                                maxlength="50"
-                               value="<?php echo htmlentities($client->getDescription()); ?>">
+                               value="<?php echo htmlspecialchars($client->getDescription(), ENT_QUOTES); ?>">
                         <label class="mdl-textfield__label"
                                for="description"><?php echo __('Client description'); ?></label>
                     </div>
diff --git a/app/modules/web/themes/material-blue/views/itemshow/custom_field.inc b/app/modules/web/themes/material-blue/views/itemshow/custom_field.inc
index 62b4a021..61cf0a1c 100644
--- a/app/modules/web/themes/material-blue/views/itemshow/custom_field.inc
+++ b/app/modules/web/themes/material-blue/views/itemshow/custom_field.inc
@@ -33,7 +33,7 @@ $field = $_getvar('field');
                         <input id="name" name="name" type="text" required
                                class="mdl-textfield__input mdl-color-text--indigo-400"
                                maxlength="50"
-                               value="<?php echo htmlentities($field->getName()); ?>">
+                               value="<?php echo htmlspecialchars($field->getName(), ENT_QUOTES); ?>">
                         <label class="mdl-textfield__label"
                                for="name"><?php echo __('Field name'); ?></label>
                     </div>
diff --git a/app/modules/web/themes/material-blue/views/itemshow/file.inc b/app/modules/web/themes/material-blue/views/itemshow/file.inc
index bdccb6e9..78b439da 100644
--- a/app/modules/web/themes/material-blue/views/itemshow/file.inc
+++ b/app/modules/web/themes/material-blue/views/itemshow/file.inc
@@ -17,7 +17,7 @@ $fileData = $_getvar('fileData');
 <?php if ($_getvar('isImage')): ?>
     <img src="data:'<?php echo $fileData->getType(); ?>;base64, <?php echo $_getvar('data'); ?>"
          border="0"/>
-    <div class="title"><?php echo $fileData->getName(); ?></div>
+    <div class="title"><?php echo htmlspecialchars($fileData->getName(), ENT_QUOTES); ?></div>
 <?php else: ?>
     <pre><?php echo $_getvar('data'); ?></pre>
 <?php endif; ?>
\ No newline at end of file
diff --git a/app/modules/web/themes/material-blue/views/itemshow/item_preset-password.inc b/app/modules/web/themes/material-blue/views/itemshow/item_preset-password.inc
index 86899e38..f8fd3337 100644
--- a/app/modules/web/themes/material-blue/views/itemshow/item_preset-password.inc
+++ b/app/modules/web/themes/material-blue/views/itemshow/item_preset-password.inc
@@ -65,7 +65,7 @@ $password = $_getvar('password');
             <div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">
                 <input id="regex" name="regex" type="text"
                        class="mdl-textfield__input mdl-color-text--indigo-400"
-                       value="<?php echo htmlentities($password->getRegex()); ?>"/>
+                       value="<?php echo htmlspecialchars($password->getRegex(), ENT_QUOTES); ?>"/>
                 <label class="mdl-textfield__label"
                        for="regex"><?php echo __('Regular Expression'); ?></label>
             </div>
diff --git a/app/modules/web/themes/material-blue/views/itemshow/item_preset-permission.inc b/app/modules/web/themes/material-blue/views/itemshow/item_preset-permission.inc
index 04dff8a3..17a351d2 100644
--- a/app/modules/web/themes/material-blue/views/itemshow/item_preset-permission.inc
+++ b/app/modules/web/themes/material-blue/views/itemshow/item_preset-permission.inc
@@ -27,7 +27,7 @@ use SP\Mvc\View\Template;
                             <?php if ($user->isSkip()): continue; endif; ?>
                             <option
                                     value="<?php echo $user->getId(); ?>"
-                                <?php echo $user->isSelected() ? 'selected' : '' ?>><?php echo htmlentities($user->getName()); ?></option>
+                                <?php echo $user->isSelected() ? 'selected' : '' ?>><?php echo htmlspecialchars($user->getName(), ENT_QUOTES); ?></option>
                         <?php endforeach; ?>
                     </select>
 
@@ -45,7 +45,7 @@ use SP\Mvc\View\Template;
                             <?php if ($user->isSkip()): continue; endif; ?>
                             <option
                                     value="<?php echo $user->getId(); ?>"
-                                <?php echo $user->isSelected() ? 'selected' : '' ?>><?php echo htmlentities($user->getName()); ?></option>
+                                <?php echo $user->isSelected() ? 'selected' : '' ?>><?php echo htmlspecialchars($user->getName(), ENT_QUOTES); ?></option>
                         <?php endforeach; ?>
                     </select>
 
@@ -70,7 +70,7 @@ use SP\Mvc\View\Template;
                             <?php if ($userGroup->isSkip()): continue; endif; ?>
                             <option
                                     value="<?php echo $userGroup->getId(); ?>"
-                                <?php echo $userGroup->isSelected() ? 'selected' : '' ?>><?php echo htmlentities($userGroup->getName()); ?></option>
+                                <?php echo $userGroup->isSelected() ? 'selected' : '' ?>><?php echo htmlspecialchars($userGroup->getName(), ENT_QUOTES); ?></option>
                         <?php endforeach; ?>
                     </select>
 
@@ -88,7 +88,7 @@ use SP\Mvc\View\Template;
                             <?php if ($userGroup->isSkip()): continue; endif; ?>
                             <option
                                     value="<?php echo $userGroup->getId(); ?>"
-                                <?php echo $userGroup->isSelected() ? 'selected' : '' ?>><?php echo htmlentities($userGroup->getName()); ?></option>
+                                <?php echo $userGroup->isSelected() ? 'selected' : '' ?>><?php echo htmlspecialchars($userGroup->getName(), ENT_QUOTES); ?></option>
                         <?php endforeach; ?>
                     </select>
 
diff --git a/app/modules/web/themes/material-blue/views/itemshow/item_preset.inc b/app/modules/web/themes/material-blue/views/itemshow/item_preset.inc
index b144ad02..d1bed86f 100644
--- a/app/modules/web/themes/material-blue/views/itemshow/item_preset.inc
+++ b/app/modules/web/themes/material-blue/views/itemshow/item_preset.inc
@@ -48,7 +48,7 @@ $preset = $_getvar('preset');
                                 <?php /** @var SelectItem $user */
                                 foreach ($_getvar('users') as $user): ?>
                                     <option
-                                            value="<?php echo $user->getId(); ?>" <?php echo $user->isSelected() ? 'selected' : ''; ?>><?php echo htmlentities($user->getName()); ?></option>
+                                            value="<?php echo $user->getId(); ?>" <?php echo $user->isSelected() ? 'selected' : ''; ?>><?php echo htmlspecialchars($user->getName(), ENT_QUOTES); ?></option>
                                 <?php endforeach; ?>
                             </select>
                         </td>
@@ -66,7 +66,7 @@ $preset = $_getvar('preset');
                                 <?php /** @var SelectItem $userGroup */
                                 foreach ($_getvar('userGroups') as $userGroup): ?>
                                     <option
-                                            value="<?php echo $userGroup->getId(); ?>" <?php echo $userGroup->isSelected() ? 'selected' : ''; ?>><?php echo htmlentities($userGroup->getName()); ?></option>
+                                            value="<?php echo $userGroup->getId(); ?>" <?php echo $userGroup->isSelected() ? 'selected' : ''; ?>><?php echo htmlspecialchars($userGroup->getName(), ENT_QUOTES); ?></option>
                                 <?php endforeach; ?>
                             </select>
                         </td>
@@ -84,7 +84,7 @@ $preset = $_getvar('preset');
                                 <?php /** @var SelectItem $userProfile */
                                 foreach ($_getvar('userProfiles') as $userProfile): ?>
                                     <option
-                                            value="<?php echo $userProfile->getId(); ?>" <?php echo $userProfile->isSelected() ? 'selected' : ''; ?>><?php echo htmlentities($userProfile->getName()); ?></option>
+                                            value="<?php echo $userProfile->getId(); ?>" <?php echo $userProfile->isSelected() ? 'selected' : ''; ?>><?php echo htmlspecialchars($userProfile->getName(), ENT_QUOTES); ?></option>
                                 <?php endforeach; ?>
                             </select>
                         </td>
diff --git a/app/modules/web/themes/material-blue/views/itemshow/public_link.inc b/app/modules/web/themes/material-blue/views/itemshow/public_link.inc
index 457ace84..72b685d6 100644
--- a/app/modules/web/themes/material-blue/views/itemshow/public_link.inc
+++ b/app/modules/web/themes/material-blue/views/itemshow/public_link.inc
@@ -35,7 +35,14 @@ $publicLink = $_getvar('publicLink');
                         <?php /** @var SelectItem $account */
                         foreach ($_getvar('accounts') as $account): ?>
                             <option
-                                    value="<?php echo $account->getId(); ?>" <?php echo $account->isSelected() ? 'selected' : ''; ?>><?php printf('%s (%s)', htmlentities($account->getName()), htmlentities($account->getItemProperty('clientName'))); ?></option>
+                                    value="<?php echo $account->getId(); ?>"
+                                <?php echo $account->isSelected() ? 'selected' : ''; ?>>
+                                <?php printf(
+                                        '%s (%s)',
+                                        htmlspecialchars($account->getName(), ENT_QUOTES),
+                                        htmlspecialchars($account->getItemProperty('clientName'), ENT_QUOTES)
+                                ); ?>
+                            </option>
                         <?php endforeach; ?>
                     </select>
                 </td>
diff --git a/app/modules/web/themes/material-blue/views/itemshow/tag.inc b/app/modules/web/themes/material-blue/views/itemshow/tag.inc
index 2281c68e..ada5ccf8 100644
--- a/app/modules/web/themes/material-blue/views/itemshow/tag.inc
+++ b/app/modules/web/themes/material-blue/views/itemshow/tag.inc
@@ -30,7 +30,7 @@ $tag = $_getvar('tag');
                         <input id="name" name="name" type="text" required
                                class="mdl-textfield__input mdl-color-text--indigo-400"
                                maxlength="50"
-                               value="<?php echo htmlentities($tag->getName()); ?>">
+                               value="<?php echo htmlspecialchars($tag->getName(), ENT_QUOTES); ?>">
                         <label class="mdl-textfield__label"
                                for="name"><?php echo __('Tag name'); ?></label>
                     </div>
diff --git a/app/modules/web/themes/material-blue/views/itemshow/user.inc b/app/modules/web/themes/material-blue/views/itemshow/user.inc
index 9b33b0cc..9f7584fb 100644
--- a/app/modules/web/themes/material-blue/views/itemshow/user.inc
+++ b/app/modules/web/themes/material-blue/views/itemshow/user.inc
@@ -48,7 +48,7 @@ $user = $_getvar('user');
                                 <input id="name" name="name" type="text"
                                        required
                                        class="mdl-textfield__input mdl-color-text--indigo-400"
-                                       value="<?php echo htmlentities($user->getName()); ?>"
+                                       value="<?php echo htmlspecialchars($user->getName(), ENT_QUOTES); ?>"
                                        maxlength="80" <?php echo $_getvar('readonly'); ?>>
                                 <label class="mdl-textfield__label"
                                        for="name"><?php echo __('Full username'); ?></label>
@@ -63,7 +63,7 @@ $user = $_getvar('user');
                                 <input id="login" name="login" type="text"
                                        required
                                        class="mdl-textfield__input mdl-color-text--indigo-400"
-                                       value="<?php echo htmlentities($user->getLogin()); ?>"
+                                       value="<?php echo htmlspecialchars($user->getLogin(), ENT_QUOTES); ?>"
                                        maxlength="80" <?php echo $user->isLdap() ? 'readonly' : $_getvar('readonly'); ?>>
                                 <label class="mdl-textfield__label"
                                        for="login"><?php echo __('Session login'); ?></label>
@@ -83,7 +83,7 @@ $user = $_getvar('user');
                                     <input id="login_sso" name="login_sso"
                                            type="text"
                                            class="mdl-textfield__input mdl-color-text--indigo-400"
-                                           value="<?php echo htmlentities($user->getSsoLogin()); ?>"
+                                           value="<?php echo htmlspecialchars($user->getSsoLogin(), ENT_QUOTES); ?>"
                                            maxlength="100" <?php echo $_getvar('readonly'); ?>>
                                     <label class="mdl-textfield__label"
                                            for="login_sso"><?php echo __('Session login with SSO'); ?></label>
@@ -99,7 +99,7 @@ $user = $_getvar('user');
                                 <input id="email" name="email" type="email"
                                        required
                                        class="mdl-textfield__input mdl-color-text--indigo-400"
-                                       value="<?php echo htmlentities($user->getEmail()); ?>"
+                                       value="<?php echo htmlspecialchars($user->getEmail(), ENT_QUOTES); ?>"
                                        maxlength="50" <?php echo $_getvar('readonly'); ?>>
                                 <label class="mdl-textfield__label"
                                        for="email"><?php echo __('Email address'); ?></label>
@@ -153,7 +153,7 @@ $user = $_getvar('user');
                                 <?php /** @var SelectItem $profile */
                                 foreach ($_getvar('profiles') as $profile): ?>
                                     <option
-                                            value="<?php echo $profile->getId(); ?>" <?php echo ($profile->getId() === $user->getUserProfileId()) ? 'selected' : ''; ?>><?php echo htmlentities($profile->getName()); ?></option>
+                                            value="<?php echo $profile->getId(); ?>" <?php echo ($profile->getId() === $user->getUserProfileId()) ? 'selected' : ''; ?>><?php echo htmlspecialchars($profile->getName(), ENT_QUOTES); ?></option>
                                 <?php endforeach; ?>
                             </select>
                         </td>
@@ -171,7 +171,7 @@ $user = $_getvar('user');
                                 <?php /** @var SelectItem $group */
                                 foreach ($_getvar('groups') as $group): ?>
                                     <option
-                                            value="<?php echo $group->getId(); ?>" <?php echo ($group->getId() === $user->getUserGroupId()) ? 'selected' : ''; ?>><?php echo htmlentities($group->getName()); ?></option>
+                                            value="<?php echo $group->getId(); ?>" <?php echo ($group->getId() === $user->getUserGroupId()) ? 'selected' : ''; ?>><?php echo htmlspecialchars($group->getName(), ENT_QUOTES); ?></option>
                                 <?php endforeach; ?>
                             </select>
                         </td>
@@ -183,7 +183,9 @@ $user = $_getvar('user');
                             <div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">
                         <textarea class="mdl-textfield__input" rows="3"
                                   id="notes" name="notes"
-                                  maxlength="1000" <?php echo $_getvar('readonly'); ?>><?php echo htmlspecialchars($user->getNotes(), ENT_QUOTES); ?></textarea>
+                                  maxlength="1000" <?php echo $_getvar('readonly'); ?>>
+                            <?php echo htmlspecialchars($user->getNotes(), ENT_QUOTES); ?>
+                        </textarea>
                                 <label class="mdl-textfield__label"
                                        for="notes"><?php echo __('Notes'); ?></label>
                             </div>
@@ -338,7 +340,11 @@ $user = $_getvar('user');
                                                 title="<?php echo $item->ref; ?>">
                                                 <span class="mdl-list__item-primary-content">
                                                 <i class="material-icons mdl-list__item-icon"><?php echo $item->icon; ?></i>
-                                                    <?php printf('%s: %s', $item->ref, htmlentities($item->name) ?: $item->id); ?>
+                                                    <?php printf(
+                                                            '%s: %s',
+                                                            $item->ref,
+                                                            htmlspecialchars($item->name, ENT_QUOTES) ?: $item->id
+                                                    ); ?>
                                                 </span>
                                             </li>
                                         <?php endforeach; ?>
diff --git a/app/modules/web/themes/material-blue/views/itemshow/user_group.inc b/app/modules/web/themes/material-blue/views/itemshow/user_group.inc
index dcf7d947..89d24ddb 100644
--- a/app/modules/web/themes/material-blue/views/itemshow/user_group.inc
+++ b/app/modules/web/themes/material-blue/views/itemshow/user_group.inc
@@ -34,7 +34,7 @@ $group = $_getvar('group');
                         <input id="name" name="name" type="text" required
                                class="mdl-textfield__input mdl-color-text--indigo-400"
                                maxlength="50"
-                               value="<?php echo htmlentities($group->getName()); ?>">
+                               value="<?php echo htmlspecialchars($group->getName(), ENT_QUOTES); ?>">
                         <label class="mdl-textfield__label"
                                for="name"><?php echo __('Group name'); ?></label>
                     </div>
@@ -48,7 +48,7 @@ $group = $_getvar('group');
                         <input id="description" name="description" type="text"
                                class="mdl-textfield__input mdl-color-text--indigo-400"
                                maxlength="50"
-                               value="<?php echo htmlspecialchars($group->getDescription()); ?>">
+                               value="<?php echo htmlspecialchars($group->getDescription(), ENT_QUOTES); ?>">
                         <label class="mdl-textfield__label"
                                for="description"><?php echo __('Group description'); ?></label>
                     </div>
@@ -68,7 +68,10 @@ $group = $_getvar('group');
                             <?php /** @var SelectItem $user */
                             foreach ($_getvar('users') as $user): ?>
                                 <option
-                                        value="<?php echo $user->getId(); ?>" <?php echo $user->isSelected() ? 'selected' : ''; ?>><?php echo htmlentities($user->getName()); ?></option>
+                                        value="<?php echo $user->getId(); ?>"
+                                    <?php echo $user->isSelected() ? 'selected' : ''; ?>>
+                                    <?php echo htmlspecialchars($user->getName(), ENT_QUOTES); ?>
+                                </option>
                             <?php endforeach; ?>
                         </select>
                     <?php else: ?>
@@ -78,7 +81,9 @@ $group = $_getvar('group');
                                     <?php /** @var SelectItem $user */
                                     foreach ($_getvar('users') as $user): ?>
                                         <?php if ($user->isSelected()): ?>
-                                            <span class="tag"><?php echo htmlentities($user->getName()); ?></span>
+                                            <span class="tag">
+                                                <?php echo htmlspecialchars($user->getName(), ENT_QUOTES); ?>
+                                            </span>
                                         <?php endif; ?>
                                     <?php endforeach; ?>
                                 </div>
@@ -106,9 +111,17 @@ $group = $_getvar('group');
                                             <i class="material-icons mdl-list__item-icon"
                                                title="<?php echo __('User'); ?>">person</i>
                                             <?php if ($user->ref === 'UserGroup'): ?>
-                                                <?php printf('%s (%s)*', htmlentities($user->name), htmlentities($user->login)); ?>
+                                                <?php printf(
+                                                        '%s (%s)*',
+                                                        htmlspecialchars($user->name, ENT_QUOTES),
+                                                        htmlspecialchars($user->login, ENT_QUOTES)
+                                                ); ?>
                                             <?php else: ?>
-                                                <?php printf('%s (%s)', htmlentities($user->name), htmlentities($user->login)); ?>
+                                                <?php printf(
+                                                        '%s (%s)',
+                                                        htmlspecialchars($user->name, ENT_QUOTES),
+                                                        htmlspecialchars($user->login, ENT_QUOTES)
+                                                ); ?>
                                             <?php endif; ?>
                                         </span>
                                     </li>
diff --git a/app/modules/web/themes/material-blue/views/itemshow/user_pass.inc b/app/modules/web/themes/material-blue/views/itemshow/user_pass.inc
index 1b7b9519..66fc0aa5 100644
--- a/app/modules/web/themes/material-blue/views/itemshow/user_pass.inc
+++ b/app/modules/web/themes/material-blue/views/itemshow/user_pass.inc
@@ -29,7 +29,7 @@ $user = $_getvar('user');
                     <div class="mdl-textfield mdl-js-textfield">
                         <input id="name" name="name" type="text"
                                class="mdl-textfield__input mdl-color-text--indigo-400"
-                               value="<?php echo htmlentities($user->getName()); ?>" readonly
+                               value="<?php echo htmlspecialchars($user->getName(), ENT_QUOTES); ?>" readonly
                                disabled/>
                     </div>
                 </td>
@@ -41,7 +41,7 @@ $user = $_getvar('user');
                     <div class="mdl-textfield mdl-js-textfield">
                         <input id="login" name="login" type="text"
                                class="mdl-textfield__input mdl-color-text--indigo-400"
-                               value="<?php echo htmlentities($user->getLogin()); ?>"
+                               value="<?php echo htmlspecialchars($user->getLogin(), ENT_QUOTES); ?>"
                                readonly disabled/>
                     </div>
                 </td>
diff --git a/app/modules/web/themes/material-blue/views/itemshow/user_profile.inc b/app/modules/web/themes/material-blue/views/itemshow/user_profile.inc
index ba257e19..c2a62db4 100644
--- a/app/modules/web/themes/material-blue/views/itemshow/user_profile.inc
+++ b/app/modules/web/themes/material-blue/views/itemshow/user_profile.inc
@@ -578,7 +578,7 @@ $profileData = $_getvar('profileData');
                         <input id="profile_name" name="profile_name" type="text"
                                required
                                class="mdl-textfield__input"
-                               value="<?php echo htmlentities($profile->getName()); ?>"
+                               value="<?php echo htmlspecialchars($profile->getName(), ENT_QUOTES); ?>"
                                maxlength="50" <?php echo $_getvar('readonly'); ?>>
                         <label class="mdl-textfield__label"
                                for="profile_name"><?php echo __('Profile name'); ?></label>
diff --git a/app/modules/web/themes/material-blue/views/notification/notification.inc b/app/modules/web/themes/material-blue/views/notification/notification.inc
index b1fe5d4f..87a4697b 100644
--- a/app/modules/web/themes/material-blue/views/notification/notification.inc
+++ b/app/modules/web/themes/material-blue/views/notification/notification.inc
@@ -1,10 +1,10 @@
 <?php
 /**
- * @var  NotificationData              $notification
- * @var ThemeIcons                     $icons
+ * @var  NotificationData $notification
+ * @var ThemeIcons $icons
  * @var \SP\Config\ConfigDataInterface $configData
- * @var callable                       $_getvar
- * @var Template                       $this
+ * @var callable $_getvar
+ * @var Template $this
  */
 
 use SP\Core\UI\ThemeIcons;
@@ -60,7 +60,8 @@ $notification = $_getvar('notification');
                             <input id="notification_date"
                                    name="notification_date" type="text"
                                    class="mdl-textfield__input mdl-color-text--indigo-400"
-                                   value="<?php echo DateUtil::getDateFromUnix($notification->getDate()); ?>" <?php echo $_getvar('disabled'); ?>>
+                                   value="<?php echo DateUtil::getDateFromUnix($notification->getDate()); ?>"
+                                <?php echo $_getvar('disabled'); ?>>
                             <label class="mdl-textfield__label"
                                    for="notification_date"><?php echo __('Date'); ?></label>
                         </div>
@@ -76,13 +77,15 @@ $notification = $_getvar('notification');
                                     class="mdl-textfield__input mdl-color-text--indigo-400"
                                     type="text" rows="3"
                                     id="notification_description"
-                                    name="notification_description" <?php echo $_getvar('readonly'); ?>><?php echo $notification->getDescription(); ?></textarea>
+                                    name="notification_description" <?php echo $_getvar('readonly'); ?>>
+                                <?php echo htmlspecialchars($notification->getDescription(), ENT_QUOTES); ?>
+                            </textarea>
                             <label class="mdl-textfield__label"
                                    for="notification_description"><?php echo __('Description'); ?></label>
                         </div>
                     <?php else: ?>
                         <div class="notification-description">
-                            <?php echo $notification->getDescription(); ?>
+                            <?php echo htmlspecialchars($notification->getDescription(), ENT_QUOTES); ?>
                         </div>
                     <?php endif; ?>
                 </td>
@@ -99,8 +102,10 @@ $notification = $_getvar('notification');
                             <option value=""><?php echo __('Select User'); ?></option>
                             <?php /** @var SelectItem $user */
                             foreach ($_getvar('users') as $user): ?>
-                                <option
-                                        value="<?php echo $user->getId(); ?>" <?php echo $user->isSelected() ? 'selected' : ''; ?>><?php echo htmlentities($user->getName()); ?></option>
+                                <option value="<?php echo $user->getId(); ?>"
+                                    <?php echo $user->isSelected() ? 'selected' : ''; ?>>
+                                    <?php echo htmlspecialchars($user->getName(), ENT_QUOTES); ?>
+                                </option>
                             <?php endforeach; ?>
                         </select>
                     </td>
@@ -114,7 +119,8 @@ $notification = $_getvar('notification');
                                title="<?php echo __('Global notification'); ?>">
                             <input type="checkbox" id="notification_sticky"
                                    class="mdl-switch__input mdl-color-text--indigo-400"
-                                   name="notification_sticky" <?php echo $notification->isSticky() ? 'checked' : ' '; ?> <?php echo $_getvar('disabled'); ?>/>
+                                   name="notification_sticky" <?php echo $notification->isSticky() ? 'checked'
+                                : ' '; ?> <?php echo $_getvar('disabled'); ?>/>
                             <span class="mdl-switch__label"><?php echo __('Global'); ?></span>
                         </label>
 
@@ -123,7 +129,9 @@ $notification = $_getvar('notification');
                                title="<?php echo __('Only for application administrators'); ?>">
                             <input type="checkbox" id="notification_onlyadmin"
                                    class="mdl-switch__input mdl-color-text--indigo-400"
-                                   name="notification_onlyadmin" <?php echo $notification->isOnlyAdmin() ? 'checked' : ' '; ?> <?php echo $_getvar('disabled'); ?>/>
+                                   name="notification_onlyadmin"
+                                <?php echo $notification->isOnlyAdmin() ? 'checked' : ' '; ?>
+                                <?php echo $_getvar('disabled'); ?>/>
                             <span class="mdl-switch__label"><?php echo __('Only Admins'); ?></span>
                         </label>
 
@@ -132,7 +140,9 @@ $notification = $_getvar('notification');
                                title="<?php echo __('Read'); ?>">
                             <input type="checkbox" id="notification_checkout"
                                    class="mdl-switch__input mdl-color-text--indigo-400"
-                                   name="notification_checkout" <?php echo $notification->isChecked() ? 'checked' : ' '; ?> <?php echo $_getvar('disabled'); ?>/>
+                                   name="notification_checkout"
+                                <?php echo $notification->isChecked() ? 'checked' : ' '; ?>
+                                <?php echo $_getvar('disabled'); ?>/>
                             <span class="mdl-switch__label"><?php echo __('Read'); ?></span>
                         </label>
                     </td>
@@ -145,7 +155,8 @@ $notification = $_getvar('notification');
     <?php if (!$_getvar('isView')): ?>
         <div class="action-in-box">
             <button
-                    class="mdl-button mdl-js-button mdl-button--fab mdl-button--mini-fab mdl-button--colored <?php echo $icons->getIconSave()->getClassButton(); ?>"
+                    class="mdl-button mdl-js-button mdl-button--fab mdl-button--mini-fab mdl-button--colored <?php echo $icons->getIconSave(
+                    )->getClassButton(); ?>"
                     form="frmNotices"
                     title="<?php echo $icons->getIconSave()->getTitle(); ?>">
                 <i class="material-icons"><?php echo $icons->getIconSave()->getIcon(); ?></i>