diff --git a/app/modules/web/themes/material-blue/views/account/account-editpass.inc b/app/modules/web/themes/material-blue/views/account/account-editpass.inc
index 18d3c88d..c0fe386b 100644
--- a/app/modules/web/themes/material-blue/views/account/account-editpass.inc
+++ b/app/modules/web/themes/material-blue/views/account/account-editpass.inc
@@ -37,7 +37,7 @@ $accountAcl = $_getvar('accountAcl');
                     <div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">
                         <input id="name" name="name" type="text"
                                class="mdl-textfield__input mdl-color-text--indigo-400"
-                               value="<?php echo $accountData->getName(); ?>"
+                               value="<?php echo htmlspecialchars($accountData->getName(), ENT_QUOTES); ?>"
                                readonly>
                         <label class="mdl-textfield__label"
                                for="name"><?php echo __('Account name'); ?></label>
@@ -50,7 +50,7 @@ $accountAcl = $_getvar('accountAcl');
                     <div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">
                         <input id="client" name="client" type="text"
                                class="mdl-textfield__input mdl-color-text--indigo-400"
-                               value="<?php echo $accountData->getClientName(); ?>"
+                               value="<?php echo htmlspecialchars($accountData->getClientName(), ENT_QUOTES); ?>"
                                readonly>
                         <label class="mdl-textfield__label"
                                for="client"><?php echo __('Client'); ?></label>
@@ -76,7 +76,7 @@ $accountAcl = $_getvar('accountAcl');
                     <div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">
                         <input id="login" name="login" type="text"
                                class="mdl-textfield__input mdl-color-text--indigo-400"
-                               value="<?php echo $accountData->getLogin(); ?>"
+                               value="<?php echo htmlspecialchars($accountData->getLogin(), ENT_QUOTES); ?>"
                                readonly>
                         <label class="mdl-textfield__label"
                                for="login"><?php echo __('User'); ?></label>
diff --git a/app/modules/web/themes/material-blue/views/account/account-history.inc b/app/modules/web/themes/material-blue/views/account/account-history.inc
index bee4ec23..e1f6014c 100644
--- a/app/modules/web/themes/material-blue/views/account/account-history.inc
+++ b/app/modules/web/themes/material-blue/views/account/account-history.inc
@@ -57,7 +57,7 @@ $accountAcl = $_getvar('accountAcl');
                                        required
                                        class="mdl-textfield__input mdl-color-text--indigo-400"
                                        maxlength="50"
-                                       value="<?php echo $accountData->getName() ?>"
+                                       value="<?php echo htmlspecialchars($accountData->getName(), ENT_QUOTES); ?>"
                                        tabindex="1" readonly>
                                 <label class="mdl-textfield__label"
                                        for="name"><?php echo __('Account name'); ?></label>
@@ -75,7 +75,10 @@ $accountAcl = $_getvar('accountAcl');
                                 <?php /** @var SelectItem $client */
                                 foreach ($_getvar('clients') as $client): ?>
                                     <option
-                                            value="<?php echo $client->getId(); ?>" <?php echo $client->isSelected() ? 'selected' : ''; ?>><?php echo $client->getName(); ?></option>
+                                            value="<?php echo $client->getId(); ?>"
+                                        <?php echo $client->isSelected() ? 'selected' : ''; ?>>
+                                        <?php echo htmlspecialchars($client->getName(), ENT_QUOTES); ?>
+                                    </option>
                                 <?php endforeach; ?>
                             </select>
                         </td>
@@ -92,7 +95,10 @@ $accountAcl = $_getvar('accountAcl');
                                 <?php /** @var SelectItem $category */
                                 foreach ($_getvar('categories') as $category): ?>
                                     <option
-                                            value="<?php echo $category->getId(); ?>" <?php echo $category->isSelected() ? 'selected' : ''; ?>><?php echo $category->getName(); ?></option>
+                                            value="<?php echo $category->getId(); ?>"
+                                        <?php echo $category->isSelected() ? 'selected' : ''; ?>>
+                                        <?php echo htmlspecialchars($category->getName(), ENT_QUOTES); ?>
+                                    </option>
                                 <?php endforeach; ?>
                             </select>
                         </td>
@@ -118,7 +124,7 @@ $accountAcl = $_getvar('accountAcl');
                                 <input id="login" name="login" type="text"
                                        class="mdl-textfield__input mdl-color-text--indigo-400"
                                        maxlength="50" tabindex="5"
-                                       value="<?php echo $accountData->getLogin(); ?>"
+                                       value="<?php echo htmlspecialchars($accountData->getLogin(), ENT_QUOTES); ?>"
                                        readonly>
                                 <label class="mdl-textfield__label"
                                        for="name"><?php echo __('Access user'); ?></label>
@@ -149,7 +155,8 @@ $accountAcl = $_getvar('accountAcl');
                                 rows="3" id="notes"
                                 name="notes" tabindex="9"
                                 maxlength="5000"
-                                readonly><?php echo $accountData->getNotes(); ?></textarea>
+                                readonly><?php echo htmlspecialchars($accountData->getNotes(), ENT_QUOTES); ?>
+                        </textarea>
                                 <label class="mdl-textfield__label"
                                        for="notes"><?php echo __('Notes about the account'); ?></label>
                             </div>
@@ -170,7 +177,9 @@ $accountAcl = $_getvar('accountAcl');
                                     foreach ($_getvar('historyData') as $history): ?>
                                         <option
                                                 value="<?php echo $history->getId(); ?>"
-                                            <?php echo $history->isSelected() ? 'selected' : ''; ?>><?php echo $history->getName(); ?></option>
+                                            <?php echo $history->isSelected() ? 'selected' : ''; ?>>
+                                            <?php echo htmlspecialchars($history->getName(), ENT_QUOTES); ?>
+                                        </option>
                                     <?php endforeach; ?>
                                 </select>
                             </td>
@@ -179,7 +188,13 @@ $accountAcl = $_getvar('accountAcl');
 
                     <tr>
                         <td class="descField"><?php echo __('Last Modification'); ?></td>
-                        <td class="valField"><?php printf('%s (%s)', $accountData->getDateEdit(), $accountData->getUserEditName() ?: $accountData->getUserEditLogin()); ?></td>
+                        <td class="valField">
+                            <?php printf(
+                                    '%s (%s)',
+                                    $accountData->getDateEdit(),
+                                    htmlspecialchars($accountData->getUserEditName(), ENT_QUOTES)
+                                ?: htmlspecialchars($accountData->getUserEditLogin(), ENT_QUOTES)); ?>
+                        </td>
                     </tr>
                 </table>
 
diff --git a/app/modules/web/themes/material-blue/views/account/account-link.inc b/app/modules/web/themes/material-blue/views/account/account-link.inc
index a8a3eefc..45feabb5 100644
--- a/app/modules/web/themes/material-blue/views/account/account-link.inc
+++ b/app/modules/web/themes/material-blue/views/account/account-link.inc
@@ -30,7 +30,7 @@ $accountData = $_getvar('accountData');
                         <input id="name" name="name" type="text"
                                class="mdl-textfield__input mdl-color-text--indigo-400"
                                maxlength="50"
-                               value="<?php echo $accountData->getName(); ?>"
+                               value="<?php echo htmlspecialchars($accountData->getName(), ENT_QUOTES); ?>"
                                readonly>
                         <label class="mdl-textfield__label"
                                for="name"><?php echo __('Account name'); ?></label>
@@ -43,7 +43,7 @@ $accountData = $_getvar('accountData');
                     <div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">
                         <input id="client" name="client" type="text"
                                class="mdl-textfield__input mdl-color-text--indigo-400"
-                               value="<?php echo $accountData->getClientName(); ?>"
+                               value="<?php echo htmlspecialchars($accountData->getClientName(), ENT_QUOTES); ?>"
                                readonly>
                         <label class="mdl-textfield__label"
                                for="client"><?php echo __('Client'); ?></label>
@@ -56,7 +56,7 @@ $accountData = $_getvar('accountData');
                     <div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">
                         <input id="category" name="category" type="text"
                                class="mdl-textfield__input mdl-color-text--indigo-400"
-                               value="<?php echo $accountData->getCategoryName(); ?>"
+                               value="<?php echo htmlspecialchars($accountData->getCategoryName(), ENT_QUOTES); ?>"
                                readonly>
                         <label class="mdl-textfield__label"
                                for="category"><?php echo __('Category'); ?></label>
@@ -69,7 +69,7 @@ $accountData = $_getvar('accountData');
                     <div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">
                         <input id="url" name="url" type="text"
                                class="mdl-textfield__input mdl-color-text--indigo-400"
-                               value="<?php echo $accountData->getUrl(); ?>"
+                               value="<?php echo htmlspecialchars($accountData->getUrl(), ENT_QUOTES); ?>"
                                readonly>
                         <label class="mdl-textfield__label"
                                for="url"><?php echo __('URL / IP'); ?></label>
@@ -82,7 +82,7 @@ $accountData = $_getvar('accountData');
                     <div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">
                         <input id="login" name="login" type="text"
                                class="mdl-textfield__input mdl-color-text--indigo-400"
-                               value="<?php echo $accountData->getLogin(); ?>"
+                               value="<?php echo htmlspecialchars($accountData->getLogin(), ENT_QUOTES); ?>"
                                readonly>
                         <label class="mdl-textfield__label"
                                for="login"><?php echo __('User'); ?></label>
@@ -98,7 +98,7 @@ $accountData = $_getvar('accountData');
                                 rows="3" id="notes"
                                 name="notes"
                                 maxlength="1000"
-                                readonly><?php echo $accountData->getNotes(); ?></textarea>
+                                readonly><?php echo htmlspecialchars($accountData->getNotes(), ENT_QUOTES); ?></textarea>
                         <label class="mdl-textfield__label"
                                for="notes"><?php echo __('Notes about the account'); ?></label>
                     </div>
diff --git a/app/modules/web/themes/material-blue/views/account/account-permissions.inc b/app/modules/web/themes/material-blue/views/account/account-permissions.inc
index 8711308f..e29f2710 100644
--- a/app/modules/web/themes/material-blue/views/account/account-permissions.inc
+++ b/app/modules/web/themes/material-blue/views/account/account-permissions.inc
@@ -36,7 +36,7 @@ use SP\Services\Account\AccountAcl;
                                         <?php if ($otherUser->isSkip()): continue; endif; ?>
                                         <option
                                                 value="<?php echo $otherUser->getId(); ?>"
-                                            <?php echo $otherUser->isSelected() ? 'selected' : '' ?>><?php echo $otherUser->getName(); ?></option>
+                                            <?php echo $otherUser->isSelected() ? 'selected' : '' ?>><?php echo htmlspecialchars($otherUser->getName(), ENT_QUOTES); ?></option>
                                     <?php endforeach; ?>
                                 </select>
                                 <i class="material-icons select-icon"
@@ -49,7 +49,7 @@ use SP\Services\Account\AccountAcl;
                                         <?php /** @var SelectItem $otherUser */
                                         foreach ($_getvar('otherUsersView') as $otherUser): ?>
                                             <?php if ($otherUser->isSelected()): ?>
-                                                <span class="tag"><?php echo $otherUser->getName(); ?></span>
+                                                <span class="tag"><?php echo htmlspecialchars($otherUser->getName(), ENT_QUOTES); ?></span>
                                             <?php endif; ?>
                                         <?php endforeach; ?>
                                     </div>
@@ -69,7 +69,7 @@ use SP\Services\Account\AccountAcl;
                                         <?php if ($otherUser->isSkip()): continue; endif; ?>
                                         <option
                                                 value="<?php echo $otherUser->getId(); ?>"
-                                            <?php echo $otherUser->isSelected() ? 'selected' : '' ?>><?php echo $otherUser->getName(); ?></option>
+                                            <?php echo $otherUser->isSelected() ? 'selected' : '' ?>><?php echo htmlspecialchars($otherUser->getName(), ENT_QUOTES); ?></option>
                                     <?php endforeach; ?>
                                 </select>
                                 <i class="material-icons select-icon"
@@ -82,7 +82,7 @@ use SP\Services\Account\AccountAcl;
                                         <?php /** @var SelectItem $otherUser */
                                         foreach ($_getvar('otherUsersEdit') as $otherUser): ?>
                                             <?php if ($otherUser->isSelected()): ?>
-                                                <span class="tag"><?php echo $otherUser->getName(); ?></span>
+                                                <span class="tag"><?php echo htmlspecialchars($otherUser->getName(), ENT_QUOTES); ?></span>
                                             <?php endif; ?>
                                         <?php endforeach; ?>
                                     </div>
@@ -108,7 +108,7 @@ use SP\Services\Account\AccountAcl;
                                         <?php if ($otherUserGroup->isSkip()): continue; endif; ?>
                                         <option
                                                 value="<?php echo $otherUserGroup->getId(); ?>"
-                                            <?php echo $otherUserGroup->isSelected() ? 'selected' : '' ?>><?php echo $otherUserGroup->getName(); ?></option>
+                                            <?php echo $otherUserGroup->isSelected() ? 'selected' : '' ?>><?php echo htmlspecialchars($otherUserGroup->getName(), ENT_QUOTES); ?></option>
                                     <?php endforeach; ?>
                                 </select>
                                 <i class="material-icons select-icon"
@@ -121,7 +121,7 @@ use SP\Services\Account\AccountAcl;
                                         <?php /** @var SelectItem $otherUserGroup */
                                         foreach ($_getvar('otherUserGroupsView') as $otherUserGroup): ?>
                                             <?php if ($otherUserGroup->isSelected()): ?>
-                                                <span class="tag"><?php echo $otherUserGroup->getName(); ?></span>
+                                                <span class="tag"><?php echo htmlspecialchars($otherUserGroup->getName(), ENT_QUOTES); ?></span>
                                             <?php endif; ?>
                                         <?php endforeach; ?>
                                     </div>
@@ -141,7 +141,7 @@ use SP\Services\Account\AccountAcl;
                                         <?php if ($otherUserGroup->isSkip()): continue; endif; ?>
                                         <option
                                                 value="<?php echo $otherUserGroup->getId(); ?>"
-                                            <?php echo $otherUserGroup->isSelected() ? 'selected' : '' ?>><?php echo $otherUserGroup->getName(); ?></option>
+                                            <?php echo $otherUserGroup->isSelected() ? 'selected' : '' ?>><?php echo htmlspecialchars($otherUserGroup->getName(), ENT_QUOTES); ?></option>
                                     <?php endforeach; ?>
                                 </select>
                                 <i class="material-icons select-icon"
@@ -154,7 +154,7 @@ use SP\Services\Account\AccountAcl;
                                         <?php /** @var SelectItem $otherUserGroup */
                                         foreach ($_getvar('otherUserGroupsEdit') as $otherUserGroup): ?>
                                             <?php if ($otherUserGroup->isSelected()): ?>
-                                                <span class="tag"><?php echo $otherUserGroup->getName(); ?></span>
+                                                <span class="tag"><?php echo htmlspecialchars($otherUserGroup->getName(), ENT_QUOTES); ?></span>
                                             <?php endif; ?>
                                         <?php endforeach; ?>
                                     </div>
@@ -190,7 +190,7 @@ use SP\Services\Account\AccountAcl;
                         foreach ($_getvar('users') as $user): ?>
                             <option
                                     value="<?php echo $user->getId(); ?>"
-                                <?php echo $user->isSelected() ? 'selected' : ''; ?>><?php echo $user->getName(); ?></option>
+                                <?php echo $user->isSelected() ? 'selected' : ''; ?>><?php echo htmlspecialchars($user->getName(), ENT_QUOTES); ?></option>
                         <?php endforeach; ?>
                     </select>
                 </td>
@@ -214,7 +214,7 @@ use SP\Services\Account\AccountAcl;
                         foreach ($_getvar('userGroups') as $userGroup): ?>
                             <option
                                     value="<?php echo $userGroup->getId(); ?>"
-                                <?php echo $userGroup->isSelected() ? 'selected' : ''; ?>><?php echo $userGroup->getName(); ?></option>
+                                <?php echo $userGroup->isSelected() ? 'selected' : ''; ?>><?php echo htmlspecialchars($userGroup->getName(), ENT_QUOTES); ?></option>
                         <?php endforeach; ?>
                     </select>
                 </td>
diff --git a/app/modules/web/themes/material-blue/views/account/account-request.inc b/app/modules/web/themes/material-blue/views/account/account-request.inc
index ce2cd94f..4882b0d6 100644
--- a/app/modules/web/themes/material-blue/views/account/account-request.inc
+++ b/app/modules/web/themes/material-blue/views/account/account-request.inc
@@ -33,7 +33,7 @@ $accountData = $_getvar('accountData');
                     <div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">
                         <input id="name" name="name" type="text"
                                class="mdl-textfield__input mdl-color-text--indigo-400"
-                               value="<?php echo $accountData->getName(); ?>"
+                               value="<?php echo htmlspecialchars($accountData->getName(), ENT_QUOTES); ?>"
                                readonly>
                         <label class="mdl-textfield__label"
                                for="name"><?php echo __('Account name'); ?></label>
@@ -46,7 +46,7 @@ $accountData = $_getvar('accountData');
                     <div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">
                         <input id="client" name="client" type="text"
                                class="mdl-textfield__input mdl-color-text--indigo-400"
-                               value="<?php echo $accountData->getClientName(); ?>"
+                               value="<?php echo htmlspecialchars($accountData->getClientName(), ENT_QUOTES); ?>"
                                readonly>
                         <label class="mdl-textfield__label"
                                for="client"><?php echo __('Client'); ?></label>
diff --git a/app/modules/web/themes/material-blue/views/account/account.inc b/app/modules/web/themes/material-blue/views/account/account.inc
index 68323266..f3d69b10 100644
--- a/app/modules/web/themes/material-blue/views/account/account.inc
+++ b/app/modules/web/themes/material-blue/views/account/account.inc
@@ -82,8 +82,11 @@ $showCustomFields = count($_getvar('customFields', 0)) > 0;
                                        required
                                        class="mdl-textfield__input mdl-color-text--indigo-400"
                                        maxlength="100"
-                                       value="<?php echo $gotData ? htmlentities($accountData->getName()) : ''; ?>"
-                                    <?php echo $_getvar('readonly'); ?>>
+                                       value="<?php echo $gotData
+                                           ? htmlspecialchars($accountData->getName(), ENT_QUOTES)
+                                           : ''; ?>"
+                                    <?php echo $_getvar('readonly'); ?>
+                                >
                                 <label class="mdl-textfield__label"
                                        for="name"><?php echo __('Account name'); ?></label>
                             </div>
@@ -101,7 +104,13 @@ $showCustomFields = count($_getvar('customFields', 0)) > 0;
                                 <?php /** @var SelectItem $client */
                                 foreach ($_getvar('clients') as $client): ?>
                                     <option
-                                            value="<?php echo $client->getId(); ?>" <?php echo ($gotData && $client->getId() === $accountData->getClientId()) ? 'selected' : ''; ?>><?php echo $client->getName(); ?></option>
+                                            value="<?php echo $client->getId(); ?>"
+                                        <?php echo ($gotData && $client->getId() === $accountData->getClientId())
+                                            ? 'selected'
+                                            : ''; ?>
+                                    >
+                                        <?php echo htmlspecialchars($client->getName(), ENT_QUOTES); ?>
+                                    </option>
                                 <?php endforeach; ?>
                             </select>
                             <?php if ($_getvar('addClientEnabled')): ?>
@@ -127,7 +136,13 @@ $showCustomFields = count($_getvar('customFields', 0)) > 0;
                                 <?php /** @var SelectItem $category */
                                 foreach ($_getvar('categories') as $category): ?>
                                     <option
-                                            value="<?php echo $category->getId(); ?>" <?php echo ($gotData && $category->getId() === $accountData->getCategoryId()) ? 'selected' : ''; ?>><?php echo $category->getName(); ?></option>
+                                            value="<?php echo $category->getId(); ?>"
+                                        <?php echo ($gotData && $category->getId() === $accountData->getCategoryId())
+                                            ? 'selected'
+                                            : ''; ?>
+                                    >
+                                        <?php echo htmlspecialchars($category->getName(), ENT_QUOTES); ?>
+                                    </option>
                                 <?php endforeach; ?>
                             </select>
                             <?php if ($_getvar('addCategoryEnabled')): ?>
@@ -148,7 +163,11 @@ $showCustomFields = count($_getvar('customFields', 0)) > 0;
                                 <input id="url" name="url" type="text"
                                        class="mdl-textfield__input mdl-color-text--indigo-400"
                                        maxlength="255"
-                                       value="<?php echo $gotData ? $accountData->getUrl() : ''; ?>" <?php echo $_getvar('readonly'); ?>>
+                                       value="<?php echo $gotData
+                                           ? $accountData->getUrl()
+                                           : ''; ?>"
+                                    <?php echo $_getvar('readonly'); ?>
+                                >
                                 <label class="mdl-textfield__label"
                                        for="name"><?php echo __('Access URL or IP'); ?></label>
                             </div>
@@ -161,7 +180,11 @@ $showCustomFields = count($_getvar('customFields', 0)) > 0;
                                 <input id="login" name="login" type="text"
                                        class="mdl-textfield__input mdl-color-text--indigo-400"
                                        maxlength="50"
-                                       value="<?php echo $gotData ? htmlentities($accountData->getLogin()) : ''; ?>" <?php echo $_getvar('readonly'); ?>>
+                                       value="<?php echo $gotData
+                                           ? htmlspecialchars($accountData->getLogin(), ENT_QUOTES)
+                                           : ''; ?>"
+                                    <?php echo $_getvar('readonly'); ?>
+                                >
                                 <label class="mdl-textfield__label"
                                        for="name"><?php echo __('Access user'); ?></label>
                             </div>
@@ -206,7 +229,9 @@ $showCustomFields = count($_getvar('customFields', 0)) > 0;
                                                type="date"
                                                class="mdl-textfield__input mdl-color-text--indigo-400 password-datefield__input"
                                                value="<?php echo $_getvar('accountPassDateChange'); ?>"
-                                               data-dst-unix="password_date_expire_unix" <?php echo $_getvar('readonly'); ?>>
+                                               data-dst-unix="password_date_expire_unix"
+                                            <?php echo $_getvar('readonly'); ?>
+                                        >
                                         <input type='hidden'
                                                name='password_date_expire_unix'
                                                value=""/>
@@ -228,7 +253,11 @@ $showCustomFields = count($_getvar('customFields', 0)) > 0;
                                 class="mdl-textfield__input mdl-color-text--indigo-400"
                                 rows="3" id="notes"
                                 name="notes"
-                                maxlength="5000" <?php echo $_getvar('readonly'); ?>><?php echo $gotData ? htmlspecialchars($accountData->getNotes(), ENT_QUOTES) : ''; ?></textarea>
+                                maxlength="5000" <?php echo $_getvar('readonly'); ?>>
+                            <?php echo $gotData
+                                ? htmlspecialchars($accountData->getNotes(), ENT_QUOTES)
+                                : ''; ?>
+                        </textarea>
                                 <label class="mdl-textfield__label"
                                        for="notes"><?php echo __('Notes about the account'); ?></label>
                             </div>
@@ -245,7 +274,10 @@ $showCustomFields = count($_getvar('customFields', 0)) > 0;
                                     <option value=""><?php echo __('Select Tags'); ?></option>
                                     <?php /** @var SelectItem $tag */
                                     foreach ($_getvar('tags') as $tag): ?>
-                                        <option value="<?php echo $tag->getId(); ?>" <?php echo $tag->isSelected() ? 'selected' : ''; ?>><?php echo $tag->getName(); ?></option>
+                                        <option value="<?php echo $tag->getId(); ?>"
+                                            <?php echo $tag->isSelected() ? 'selected' : ''; ?>>
+                                            <?php echo htmlspecialchars($tag->getName(), ENT_QUOTES); ?>
+                                        </option>
                                     <?php endforeach; ?>
                                 </select>
                                 <?php if ($_getvar('addTagEnabled')): ?>
@@ -255,7 +287,9 @@ $showCustomFields = count($_getvar('customFields', 0)) > 0;
                                        data-item-route="items/tags"
                                        data-item-dst="tags"
                                        data-item-id="0"
-                                       data-onclick="appMgmt/show"><?php echo $icons->getIconAdd()->getIcon(); ?></i>
+                                       data-onclick="appMgmt/show">
+                                        <?php echo $icons->getIconAdd()->getIcon(); ?>
+                                    </i>
                                 <?php endif; ?>
                                 <?php if ($_getvar('copyAction')): ?>
                                     <input type="hidden" name="tags_update"
@@ -268,7 +302,7 @@ $showCustomFields = count($_getvar('customFields', 0)) > 0;
                                             <?php /** @var SelectItem $tag */
                                             foreach ($_getvar('tags') as $tag): ?>
                                                 <?php if ($tag->isSelected()): ?>
-                                                    <span class="tag"><?php echo $tag->getName(); ?></span>
+                                                    <span class="tag"><?php echo htmlspecialchars($tag->getName(), ENT_QUOTES); ?></span>
                                                 <?php endif; ?>
                                             <?php endforeach; ?>
                                         </div>
@@ -312,7 +346,9 @@ $showCustomFields = count($_getvar('customFields', 0)) > 0;
                                     <?php /** @var SelectItem $history */
                                     foreach ($_getvar('historyData') as $history): ?>
                                         <option
-                                                value="<?php echo $history->getId(); ?>"><?php echo $history->getName(); ?></option>
+                                                value="<?php echo $history->getId(); ?>">
+                                            <?php echo htmlspecialchars($history->getName(), ENT_QUOTES); ?>
+                                        </option>
                                     <?php endforeach; ?>
                                 </select>
                             </td>
@@ -324,7 +360,10 @@ $showCustomFields = count($_getvar('customFields', 0)) > 0;
                         && $accountData->getUserEditName()): ?>
                         <tr>
                             <td class="descField"><?php echo __('Last Modification'); ?></td>
-                            <td class="valField"><?php printf('%s (%s)', $accountData->getDateEdit(), $accountData->getUserEditName()); ?></td>
+                            <td class="valField"><?php printf('%s (%s)',
+                                    $accountData->getDateEdit(),
+                                    htmlspecialchars($accountData->getUserEditName(), ENT_QUOTES)); ?>
+                            </td>
                         </tr>
                     <?php endif; ?>
 
@@ -344,18 +383,20 @@ $showCustomFields = count($_getvar('customFields', 0)) > 0;
                         </tr>
                     <?php endif; ?>
 
-                    <tr>
-                        <td class="descField"><?php echo __('Direct Link'); ?></td>
-                        <td class="valField">
-                            <div class="lowres-title"><?php echo __('Direct Link'); ?></div>
+                    <?php if ($_getvar('accountId')): ?>
+                        <tr>
+                            <td class="descField"><?php echo __('Direct Link'); ?></td>
+                            <td class="valField">
+                                <div class="lowres-title"><?php echo __('Direct Link'); ?></div>
 
-                            <a href="<?php echo $_getvar('deepLink'); ?>"
-                               target="_blank"
-                               title="<?php echo __('Direct Link'); ?>">
-                                <i class="material-icons"><?php echo $icons->getIconPublicLink()->getIcon(); ?></i>
-                            </a>
-                        </td>
-                    </tr>
+                                <a href="<?php echo $_getvar('deepLink'); ?>"
+                                   target="_blank"
+                                   title="<?php echo __('Direct Link'); ?>">
+                                    <i class="material-icons"><?php echo $icons->getIconPublicLink()->getIcon(); ?></i>
+                                </a>
+                            </td>
+                        </tr>
+                    <?php endif; ?>
                 </table>
             </div>
 
diff --git a/app/modules/web/themes/material-blue/views/account/details.inc b/app/modules/web/themes/material-blue/views/account/details.inc
index f2e3a0c5..e4e99ae3 100644
--- a/app/modules/web/themes/material-blue/views/account/details.inc
+++ b/app/modules/web/themes/material-blue/views/account/details.inc
@@ -39,7 +39,7 @@ use SP\Services\Account\AccountAcl;
                 <td class="valField">
                     <div class="lowres-title"><?php echo __('Last Modification'); ?></div>
 
-                    <?php printf('%s (%s)', $accountData->getDateEdit(), $accountData->getUserEditName()); ?>
+                    <?php printf('%s (%s)', $accountData->getDateEdit(), htmlspecialchars($accountData->getUserEditName(), ENT_QUOTES)); ?>
                 </td>
             </tr>
         <?php endif; ?>
@@ -49,7 +49,7 @@ use SP\Services\Account\AccountAcl;
             <td class="valField">
                 <div class="lowres-title"><?php echo __('Owner'); ?></div>
 
-                <?php echo $accountData->getUserName() ?: $accountData->getUserLogin(); ?>
+                <?php echo htmlspecialchars($accountData->getUserName(), ENT_QUOTES) ?: htmlspecialchars($accountData->getUserLogin(), ENT_QUOTES); ?>
             </td>
         </tr>
         <tr>
@@ -57,7 +57,7 @@ use SP\Services\Account\AccountAcl;
             <td class="valField">
                 <div class="lowres-title"><?php echo __('Main Group'); ?></div>
 
-                <?php echo $accountData->getUserGroupName(); ?>
+                <?php echo htmlspecialchars($accountData->getUserGroupName(), ENT_QUOTES); ?>
             </td>
         </tr>
 
@@ -75,7 +75,7 @@ use SP\Services\Account\AccountAcl;
                 <td class="valField">
                     <div class="lowres-title"><?php echo __('Editor'); ?></div>
 
-                    <?php echo $accountData->getUserEditName() ?: $accountData->getUserEditLogin(); ?>
+                    <?php echo htmlspecialchars($accountData->getUserEditName(), ENT_QUOTES) ?: htmlspecialchars($accountData->getUserEditLogin(), ENT_QUOTES); ?>
                 </td>
             </tr>
         <?php endif; ?>
diff --git a/app/modules/web/themes/material-blue/views/account/files-list.inc b/app/modules/web/themes/material-blue/views/account/files-list.inc
index 2c1e16dd..400b445c 100644
--- a/app/modules/web/themes/material-blue/views/account/files-list.inc
+++ b/app/modules/web/themes/material-blue/views/account/files-list.inc
@@ -20,14 +20,14 @@ use SP\Html\Html;
             ?>
             <li class="mdl-list__item">
                 <span class="mdl-list__item-primary-content"
-                      title="<?php echo $file->getName(); ?>">
+                      title="<?php echo htmlspecialchars($file->getName(), ENT_QUOTES); ?>">
                     <i class="material-icons  mdl-list__item-icon">attachment</i>
                     <span><?php printf('%s (%d KB)', Html::truncate($file->getName(), 50), $file->getSize() / 1024); ?></span>
                 </span>
 
                 <span class="list-actions">
                     <?php if ($file->getThumb() !== 'no_thumb'): ?>
-                        <span title="<?php echo $file->getName(); ?>"
+                        <span title="<?php echo htmlspecialchars($file->getName(), ENT_QUOTES); ?>"
                               class="btn-action"
                               data-item-id="<?php echo $file->getId(); ?>"
                               data-action-route="<?php echo $_getvar('fileViewRoute'); ?>"
diff --git a/app/modules/web/themes/material-blue/views/account/linkedAccounts.inc b/app/modules/web/themes/material-blue/views/account/linkedAccounts.inc
index b210811f..aabd0015 100644
--- a/app/modules/web/themes/material-blue/views/account/linkedAccounts.inc
+++ b/app/modules/web/themes/material-blue/views/account/linkedAccounts.inc
@@ -17,7 +17,7 @@ use SP\Core\UI\ThemeIcons;
                 <li class="mdl-list__item">
                     <span class="btn-action mdl-list__item-primary-content">
                         <i class="material-icons mdl-list__item-icon">layers</i>
-                        <?php printf('%s (%s)', $account->name, $account->clientName); ?>
+                        <?php printf('%s (%s)', htmlspecialchars($account->name, ENT_QUOTES), htmlspecialchars($account->clientName, ENT_QUOTES)); ?>
                     </span>
                     <span class="list-actions">
                         <i class="material-icons btn-action mdl-list__item-icon <?php echo $icons->getIconEdit()->getClass(); ?>"
diff --git a/app/modules/web/themes/material-blue/views/account/search-rows.inc b/app/modules/web/themes/material-blue/views/account/search-rows.inc
index 7bfe1cab..56d59292 100644
--- a/app/modules/web/themes/material-blue/views/account/search-rows.inc
+++ b/app/modules/web/themes/material-blue/views/account/search-rows.inc
@@ -44,17 +44,25 @@ $favoriteRouteOff = $_getvar('favoriteRouteOff');
                                title="<?php echo __('Search in Wiki'); ?>">
                                 <span class="mdl-chip mdl-chip--contact">
                                     <span style="background-color: <?php echo $accountSearchItem->getColor(); ?>;"
-                                          class="mdl-chip__contact mdl-color-text--white"><?php echo mb_ucfirst($accountSearchData->getClientName()); ?></span>
+                                          class="mdl-chip__contact mdl-color-text--white">
+                                        <?php echo htmlspecialchars(mb_ucfirst($accountSearchData->getClientName()), ENT_QUOTES); ?>
+                                    </span>
                                     <span class="mdl-chip__text"
-                                          title="<?php echo $accountSearchData->getClientName(); ?>"><?php echo $accountSearchItem->getShortClientName(); ?></span>
+                                          title="<?php echo htmlspecialchars($accountSearchData->getClientName(), ENT_QUOTES); ?>">
+                                        <?php echo htmlspecialchars($accountSearchItem->getShortClientName(), ENT_QUOTES); ?>
+                                    </span>
                                 </span>
                             </a>
                         <?php else: ?>
                             <span class="mdl-chip mdl-chip--contact">
                                 <span style="background-color: <?php echo $accountSearchItem->getColor(); ?>;"
-                                      class="mdl-chip__contact mdl-color-text--white"><?php echo mb_ucfirst($accountSearchData->getClientName()); ?></span>
+                                      class="mdl-chip__contact mdl-color-text--white">
+                                    <?php echo htmlspecialchars(mb_ucfirst($accountSearchData->getClientName()), ENT_QUOTES); ?>
+                                </span>
                                 <span class="mdl-chip__text"
-                                      title="<?php echo $accountSearchData->getClientName(); ?>"><?php echo $accountSearchItem->getShortClientName(); ?></span>
+                                      title="<?php echo htmlspecialchars($accountSearchData->getClientName(), ENT_QUOTES); ?>">
+                                    <?php echo htmlspecialchars($accountSearchItem->getShortClientName(), ENT_QUOTES); ?>
+                                </span>
                             </span>
                         <?php endif; ?>
                     </div>
@@ -68,23 +76,27 @@ $favoriteRouteOff = $_getvar('favoriteRouteOff');
                                class="btn-action"
                                data-action-route="<?php echo $_getvar('viewAccountRoute'); ?>"
                                data-item-id="<?php echo $accountSearchData->getId(); ?>"
-                               data-onclick="account/view"><?php echo $accountSearchData->getName(); ?></a>
+                               data-onclick="account/view"><?php echo htmlspecialchars(accountSearchData->getName(), ENT_QUOTES); ?></a>
                         <?php else: ?>
                             <div class="field-text">
-                                <?php echo $accountSearchData->getName(); ?>
+                                <?php echo htmlspecialchars($accountSearchData->getName(), ENT_QUOTES); ?>
                             </div>
                         <?php endif; ?>
                     </div>
 
                     <div class="field-category field-text label-field">
                         <div class="field-name"><?php echo __('Category'); ?></div>
-                        <div class="field-text"><?php echo $accountSearchData->getCategoryName(); ?></div>
+                        <div class="field-text">
+                            <?php echo htmlspecialchars($accountSearchData->getCategoryName(), ENT_QUOTES); ?>
+                        </div>
                     </div>
 
                     <?php if ($accountSearchItem->isShow()): ?>
                         <div class="field-user field-text label-field">
                             <div class="field-name"><?php echo __('User'); ?></div>
-                            <div class="field-text"><?php echo $accountSearchItem->getShortLogin(); ?></div>
+                            <div class="field-text">
+                                <?php echo htmlspecialchars($accountSearchItem->getShortLogin(), ENT_QUOTES); ?>
+                            </div>
                         </div>
 
                         <div class="field-url field-text label-field">
@@ -92,7 +104,9 @@ $favoriteRouteOff = $_getvar('favoriteRouteOff');
                             <?php if ($accountSearchItem->isUrlIslink()): ?>
                                 <a href="<?php echo $accountSearchData->getUrl(); ?>"
                                    target="_blank"
-                                   title="<?php printf(__('Open link to: %s'), $accountSearchData->getUrl()); ?>"><?php echo $accountSearchItem->getShortUrl(); ?></a>
+                                   title="<?php printf(__('Open link to: %s'), $accountSearchData->getUrl()); ?>">
+                                    <?php echo $accountSearchItem->getShortUrl(); ?>
+                                </a>
                             <?php else: ?>
                                 <div class="field-text"><?php echo $accountSearchItem->getShortUrl(); ?></div>
                             <?php endif; ?>
@@ -106,7 +120,9 @@ $favoriteRouteOff = $_getvar('favoriteRouteOff');
                     <div class="tags-box">
                         <?php foreach ($accountSearchItem->getTags() as $tag): ?>
                             <span class="tag"
-                                  data-tag-id="<?php echo $tag->id; ?>"><?php echo $tag->name; ?></span>
+                                  data-tag-id="<?php echo $tag->id; ?>">
+                                <?php echo htmlspecialchars($tag->name, ENT_QUOTES); ?>
+                            </span>
                         <?php endforeach; ?>
                     </div>
                 </div>
@@ -120,7 +136,9 @@ $favoriteRouteOff = $_getvar('favoriteRouteOff');
                                 <?php echo $icons->getIconWarning()->getIcon(); ?></i>
                             <span
                                     for="icon-expired-<?php echo $accountSearchData->getId(); ?>"
-                                    class="mdl-tooltip mdl-tooltip--top"><?php echo __('Password Expired'); ?></span>
+                                    class="mdl-tooltip mdl-tooltip--top">
+                                <?php echo __('Password Expired'); ?>
+                            </span>
                         <?php endif; ?>
 
                         <?php if ($accountSearchData->getIsPrivate() === 1): ?>
@@ -128,13 +146,17 @@ $favoriteRouteOff = $_getvar('favoriteRouteOff');
                                class="material-icons">lock</i>
                             <span
                                     for="icon-private-<?php echo $accountSearchData->getId(); ?>"
-                                    class="mdl-tooltip mdl-tooltip--top"><?php echo __('Private Account'); ?></span>
+                                    class="mdl-tooltip mdl-tooltip--top">
+                                <?php echo __('Private Account'); ?>
+                            </span>
                         <?php elseif ($accountSearchData->getIsPrivateGroup() === 1): ?>
                             <i id="icon-private-<?php echo $accountSearchData->getId(); ?>"
                                class="material-icons">lock_open</i>
                             <span
                                     for="icon-private-<?php echo $accountSearchData->getId(); ?>"
-                                    class="mdl-tooltip mdl-tooltip--top"><?php echo __('Private Account (Group)'); ?></span>
+                                    class="mdl-tooltip mdl-tooltip--top">
+                                <?php echo __('Private Account (Group)'); ?>
+                            </span>
                         <?php else: ?>
                             <i id="accesses-<?php echo $accountSearchData->getId(); ?>"
                                class="material-icons">face</i>
@@ -159,7 +181,9 @@ $favoriteRouteOff = $_getvar('favoriteRouteOff');
                                data-status="<?php echo 'on'; ?>">star</i>
                             <span
                                     for="btn-favorite-<?php echo $accountSearchData->getId(); ?>"
-                                    class="mdl-tooltip mdl-tooltip--top"><?php echo __('Delete Favorite'); ?></span>
+                                    class="mdl-tooltip mdl-tooltip--top">
+                                <?php echo __('Delete Favorite'); ?>
+                            </span>
                         <?php else: ?>
                             <i id="btn-favorite-<?php echo $accountSearchData->getId(); ?>"
                                class="material-icons icon-favorite"
@@ -169,7 +193,9 @@ $favoriteRouteOff = $_getvar('favoriteRouteOff');
                                data-status="<?php echo 'off'; ?>">star_border</i>
                             <span
                                     for="btn-favorite-<?php echo $accountSearchData->getId(); ?>"
-                                    class="mdl-tooltip mdl-tooltip--top"><?php echo __('Mark as Favorite'); ?></span>
+                                    class="mdl-tooltip mdl-tooltip--top">
+                                <?php echo __('Mark as Favorite'); ?>
+                            </span>
                         <?php endif; ?>
 
                         <?php if ($accountSearchData->getNotes() !== ''): ?>
@@ -192,7 +218,11 @@ $favoriteRouteOff = $_getvar('favoriteRouteOff');
                             <div class="mdl-tooltip mdl-tooltip--top"
                                  for="attachments-<?php echo $accountSearchData->getId(); ?>">
                                 <div class="tooltip-text">
-                                    <?php printf('%s: %d', __('Attachments'), $accountSearchItem->getNumFiles()); ?>
+                                    <?php printf(
+                                            '%s: %d',
+                                        __('Attachments'),
+                                        $accountSearchItem->getNumFiles()
+                                    ); ?>
                                 </div>
                             </div>
                         <?php endif; ?>
@@ -205,9 +235,17 @@ $favoriteRouteOff = $_getvar('favoriteRouteOff');
                                 <div class="tooltip-text">
                                     <p class="tooltip-header"><?php echo __('Public Link'); ?></p>
                                     <p>
-                                        <?php printf('%s: %s', __('Expiry Date'), DateUtil::getDateFromUnix($accountSearchData->getPublicLinkDateExpire())); ?>
+                                        <?php printf(
+                                                '%s: %s',
+                                            __('Expiry Date'),
+                                            DateUtil::getDateFromUnix($accountSearchData->getPublicLinkDateExpire())
+                                        ); ?>
                                         <br>
-                                        <?php printf('%s: %s', __('Visits'), $accountSearchData->getPublicLinkTotalCountViews()); ?>
+                                        <?php printf(
+                                                '%s: %s',
+                                                __('Visits'),
+                                                $accountSearchData->getPublicLinkTotalCountViews()
+                                        ); ?>
                                     </p>
                                 </div>
                             </div>
@@ -216,7 +254,7 @@ $favoriteRouteOff = $_getvar('favoriteRouteOff');
                         <?php if ($wikiFilter
                             && $accountSearchItem->isWikiMatch($wikiFilter)): ?>
                             <?php if (AccountSearchItem::$dokuWikiEnabled): ?>
-                                <a href="<?php echo $_getvar('wikiPageUrl'), $accountSearchData->getName(); ?>"
+                                <a href="<?php echo $_getvar('wikiPageUrl'), urldecode($accountSearchData->getName()); ?>"
                                    target="_blank">
                                     <i class="material-icons"
                                        title="<?php echo __('Link to Wiki'); ?>">library_books</i>
@@ -224,10 +262,10 @@ $favoriteRouteOff = $_getvar('favoriteRouteOff');
                                 <i class="btn-action material-icons fg-green100"
                                    title="<?php echo __('View at Wiki'); ?>"
                                    data-action-route="<?php echo ActionsInterface::WIKI_VIEW; ?>"
-                                   data-pagename="<?php echo $accountSearchData->getName(); ?>"
+                                   data-pagename="<?php echo htmlspecialchars($accountSearchData->getName(), ENT_QUOTES); ?>"
                                    data-onclick="wiki/show">library_books</i>
                             <?php else: ?>
-                                <a href="<?php echo $_getvar('wikiPageUrl'), $accountSearchData->getName(); ?>"
+                                <a href="<?php echo $_getvar('wikiPageUrl'), urlencode($accountSearchData->getName()); ?>"
                                    target="_blank">
                                     <i class="material-icons"
                                        title="<?php echo __('Link to Wiki'); ?>">library_books</i>
@@ -248,7 +286,9 @@ $favoriteRouteOff = $_getvar('favoriteRouteOff');
                                class="btn-action material-icons <?php echo $action->getClassesAsString(), ' ', $action->getIcon()->getClass(); ?>"
                                data-item-id="<?php echo $accountSearchData->getId(); ?>"
                                data-parent-id="<?php echo $accountSearchData->getParentId(); ?>"
-                                <?php foreach ($action->getData() as $dataName => $dataValue): printf('data-%s="%s"', $dataName, $dataValue); endforeach; ?>>
+                                <?php foreach ($action->getData() as $dataName => $dataValue):
+                                    printf('data-%s="%s"', $dataName, $dataValue);
+                                endforeach; ?>>
                                 <?php echo $action->getIcon()->getIcon(); ?></i>
                             <span
                                     for="<?php echo $actionUid; ?>"
@@ -271,9 +311,13 @@ $favoriteRouteOff = $_getvar('favoriteRouteOff');
                                         <li class="btn-action mdl-menu__item <?php echo $actionMenu->getClassesAsString(); ?>"
                                             data-item-id="<?php echo $accountSearchData->getId(); ?>"
                                             data-parent-id="<?php echo $accountSearchData->getParentId(); ?>"
-                                            <?php foreach ($actionMenu->getData() as $dataName => $dataValue): printf('data-%s="%s"', $dataName, $dataValue); endforeach; ?>>
+                                            <?php foreach ($actionMenu->getData() as $dataName => $dataValue):
+                                                printf('data-%s="%s"', $dataName, $dataValue);
+                                            endforeach; ?>>
                                             <i class="material-icons <?php echo $actionMenu->getIcon()->getClass(); ?>"
-                                               title="<?php echo $actionMenu->getTitle(); ?>"><?php echo $actionMenu->getIcon()->getIcon(); ?></i>
+                                               title="<?php echo $actionMenu->getTitle(); ?>">
+                                                <?php echo $actionMenu->getIcon()->getIcon(); ?>
+                                            </i>
                                             <?php echo $actionMenu->getName(); ?>
                                         </li>
                                     <?php endforeach; ?>
diff --git a/app/modules/web/themes/material-blue/views/account/search-searchbox.inc b/app/modules/web/themes/material-blue/views/account/search-searchbox.inc
index 0e3524d9..f1d10630 100644
--- a/app/modules/web/themes/material-blue/views/account/search-searchbox.inc
+++ b/app/modules/web/themes/material-blue/views/account/search-searchbox.inc
@@ -44,7 +44,7 @@ $pager = $data->getPager();
                 <?php /** @var SelectItem $client */
                 foreach ($_getvar('clients') as $client): ?>
                     <option
-                            value="<?php echo $client->getId(); ?>" <?php echo $client->isSelected() ? 'selected' : ''; ?>><?php echo $client->getName(); ?></option>
+                            value="<?php echo $client->getId(); ?>" <?php echo $client->isSelected() ? 'selected' : ''; ?>><?php echo htmlspecialchars($client->getName(), ENT_QUOTES); ?></option>
                 <?php endforeach; ?>
             </select>
 
@@ -54,7 +54,7 @@ $pager = $data->getPager();
                 <?php /** @var SelectItem $category */
                 foreach ($_getvar('categories') as $category): ?>
                     <option
-                            value="<?php echo $category->getId(); ?>" <?php echo $category->isSelected() ? 'selected' : ''; ?>><?php echo $category->getName(); ?></option>
+                            value="<?php echo $category->getId(); ?>" <?php echo $category->isSelected() ? 'selected' : ''; ?>><?php echo htmlspecialchars($category->getName(), ENT_QUOTES); ?></option>
                 <?php endforeach; ?>
             </select>
         </div>
@@ -135,7 +135,7 @@ $pager = $data->getPager();
                 <?php /** @var SelectItem $tag */
                 foreach ($_getvar('tags') as $tag): ?>
                     <option
-                            value="<?php echo $tag->getId(); ?>" <?php echo $tag->isSelected() ? 'selected' : ''; ?>><?php echo $tag->getName(); ?></option>
+                            value="<?php echo $tag->getId(); ?>" <?php echo $tag->isSelected() ? 'selected' : ''; ?>><?php echo htmlspecialchars($tag->getName(), ENT_QUOTES); ?></option>
                 <?php endforeach; ?>
             </select>
         </div>
diff --git a/app/modules/web/themes/material-blue/views/common/aux-customfields.inc b/app/modules/web/themes/material-blue/views/common/aux-customfields.inc
index 98c2b51c..5b45f7ab 100644
--- a/app/modules/web/themes/material-blue/views/common/aux-customfields.inc
+++ b/app/modules/web/themes/material-blue/views/common/aux-customfields.inc
@@ -15,7 +15,7 @@ $customFields = $_getvar('customFields');
 foreach ($customFields as $index => $field):?>
     <tr>
         <td class="descField">
-            <?php echo $field->definitionName; ?>
+            <?php echo htmlspecialchars($field->definitionName, ENT_QUOTES); ?>
             <?php if ($field->isEncrypted && $field->isValueEncrypted === true): ?>
                 <i class="icon material-icons mdl-color-text--teal-500"
                    title="<?php echo __('Encrypted'); ?>">
@@ -58,7 +58,7 @@ foreach ($customFields as $index => $field):?>
                            maxlength="500"
                            value="<?php echo !$_getvar('showViewCustomPass') && !empty($field->value) ? '***' : htmlspecialchars($field->value, ENT_QUOTES); ?>" <?php echo $field->required ? 'required' : ''; ?> <?php echo $_getvar('readonly'); ?>>
                     <label class="mdl-textfield__label"
-                           for="<?php echo $field->formId; ?>"><?php echo $field->definitionName; ?></label>
+                           for="<?php echo $field->formId; ?>"><?php echo htmlspecialchars($field->definitionName, ENT_QUOTES); ?></label>
                 </div>
             <?php elseif ($field->typeName === 'textarea'): ?>
                 <div class="mdl-textfield mdl-js-textfield">
@@ -68,7 +68,7 @@ foreach ($customFields as $index => $field):?>
                             name="customfield[<?php echo $field->definitionId; ?>]"
                             id="<?php echo $field->formId; ?>" <?php echo $_getvar('readonly'); ?>><?php echo htmlspecialchars($field->value, ENT_QUOTES); ?></textarea>
                     <label class="mdl-textfield__label"
-                           for="<?php echo $field->formId; ?>"><?php echo $field->definitionName; ?></label>
+                           for="<?php echo $field->formId; ?>"><?php echo htmlspecialchars($field->definitionName, ENT_QUOTES); ?></label>
                 </div>
             <?php else: ?>
                 <div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">
@@ -79,7 +79,7 @@ foreach ($customFields as $index => $field):?>
                            maxlength="500"
                            value="<?php echo htmlspecialchars($field->value, ENT_QUOTES); ?>" <?php echo $field->required ? 'required' : ''; ?> <?php echo $_getvar('readonly'); ?>>
                     <label class="mdl-textfield__label"
-                           for="<?php echo $field->formId; ?>"><?php echo $field->definitionName; ?></label>
+                           for="<?php echo $field->formId; ?>"><?php echo htmlspecialchars($field->definitionName, ENT_QUOTES); ?></label>
                 </div>
             <?php endif; ?>
         </td>
diff --git a/app/modules/web/themes/material-blue/views/config/encryption.inc b/app/modules/web/themes/material-blue/views/config/encryption.inc
index 9d172a63..98e3ae4d 100644
--- a/app/modules/web/themes/material-blue/views/config/encryption.inc
+++ b/app/modules/web/themes/material-blue/views/config/encryption.inc
@@ -307,7 +307,7 @@ $disabled = $configData->isMaintenance() ? '' : 'disabled';
                     <?php /** @var SelectItem $userGroup */
                     foreach ($_getvar('userGroups') as $userGroup): ?>
                         <option
-                                value="<?php echo $userGroup->getId(); ?>"><?php echo $userGroup->getName(); ?></option>
+                                value="<?php echo $userGroup->getId(); ?>"><?php echo htmlspecialchars($userGroup->getName(), ENT_QUOTES); ?></option>
                     <?php endforeach; ?>
                 </select>
             </td>
diff --git a/app/modules/web/themes/material-blue/views/config/general-auth.inc b/app/modules/web/themes/material-blue/views/config/general-auth.inc
index b212f0a6..a9c01e2a 100644
--- a/app/modules/web/themes/material-blue/views/config/general-auth.inc
+++ b/app/modules/web/themes/material-blue/views/config/general-auth.inc
@@ -101,7 +101,7 @@ use SP\Mvc\View\Template;
                 <?php /** @var SelectItem $userGroup */
                 foreach ($_getvar('userGroups') as $userGroup): ?>
                     <option
-                            value="<?php echo $userGroup->getId(); ?>" <?php echo $userGroup->getId() === $configData->getSsoDefaultGroup() ? 'selected' : ''; ?>><?php echo $userGroup->getName(); ?></option>
+                            value="<?php echo $userGroup->getId(); ?>" <?php echo $userGroup->getId() === $configData->getSsoDefaultGroup() ? 'selected' : ''; ?>><?php echo htmlspecialchars($userGroup->getName(), ENT_QUOTES); ?></option>
                 <?php endforeach; ?>
             </select>
         </td>
@@ -127,7 +127,7 @@ use SP\Mvc\View\Template;
                 <?php /** @var SelectItem $userProfile */
                 foreach ($_getvar('userProfiles') as $userProfile): ?>
                     <option
-                            value="<?php echo $userProfile->getId(); ?>" <?php echo ($userProfile->getId() === $configData->getSsoDefaultProfile()) ? 'selected' : ''; ?>><?php echo $userProfile->getName(); ?></option>
+                            value="<?php echo $userProfile->getId(); ?>" <?php echo ($userProfile->getId() === $configData->getSsoDefaultProfile()) ? 'selected' : ''; ?>><?php echo htmlspecialchars($userProfile->getName(), ENT_QUOTES); ?></option>
                 <?php endforeach; ?>
             </select>
         </td>
diff --git a/app/modules/web/themes/material-blue/views/config/import.inc b/app/modules/web/themes/material-blue/views/config/import.inc
index ad5d04fe..6a1f8748 100644
--- a/app/modules/web/themes/material-blue/views/config/import.inc
+++ b/app/modules/web/themes/material-blue/views/config/import.inc
@@ -41,7 +41,7 @@ use SP\Mvc\View\Template;
                 foreach ($_getvar('users') as $user): ?>
                     <option
                             value="<?php echo $user->getId(); ?>" <?php echo $user->isSelected() ? 'selected' : ''; ?>>
-                        <?php echo $user->getName(); ?>
+                        <?php echo htmlspecialchars($user->getName(), ENT_QUOTES); ?>
                     </option>
                 <?php endforeach; ?>
             </select>
@@ -69,7 +69,7 @@ use SP\Mvc\View\Template;
                 foreach ($_getvar('userGroups') as $userGroup): ?>
                     <option
                             value="<?php echo $userGroup->getId(); ?>" <?php echo $userGroup->isSelected() ? 'selected' : ''; ?>>
-                        <?php echo $userGroup->getName(); ?>
+                        <?php echo htmlspecialchars($userGroup->getName(), ENT_QUOTES); ?>
                     </option>
                 <?php endforeach; ?>
             </select>
diff --git a/app/modules/web/themes/material-blue/views/config/ldap.inc b/app/modules/web/themes/material-blue/views/config/ldap.inc
index 80e1f234..ed31b130 100644
--- a/app/modules/web/themes/material-blue/views/config/ldap.inc
+++ b/app/modules/web/themes/material-blue/views/config/ldap.inc
@@ -286,7 +286,10 @@ use SP\Mvc\View\Template;
                     <?php /** @var SelectItem $userGroup */
                     foreach ($_getvar('userGroups') as $userGroup): ?>
                         <option
-                                value="<?php echo $userGroup->getId(); ?>" <?php echo $userGroup->getId() === $configData->getLdapDefaultGroup() ? 'selected' : ''; ?>><?php echo $userGroup->getName(); ?></option>
+                                value="<?php echo $userGroup->getId(); ?>"
+                            <?php echo $userGroup->getId() === $configData->getLdapDefaultGroup() ? 'selected' : ''; ?>>
+                            <?php echo htmlspecialchars($userGroup->getName(), ENT_QUOTES); ?>
+                        </option>
                     <?php endforeach; ?>
                 </select>
             </td>
@@ -312,7 +315,7 @@ use SP\Mvc\View\Template;
                     <?php /** @var SelectItem $userProfile */
                     foreach ($_getvar('userProfiles') as $userProfile): ?>
                         <option
-                                value="<?php echo $userProfile->getId(); ?>" <?php echo ($userProfile->getId() === $configData->getLdapDefaultProfile()) ? 'selected' : ''; ?>><?php echo $userProfile->getName(); ?></option>
+                                value="<?php echo $userProfile->getId(); ?>" <?php echo ($userProfile->getId() === $configData->getLdapDefaultProfile()) ? 'selected' : ''; ?>><?php echo htmlspecialchars($userProfile->getName(), ENT_QUOTES); ?></option>
                     <?php endforeach; ?>
                 </select>
             </td>
diff --git a/app/modules/web/themes/material-blue/views/config/wiki-dokuwiki.inc b/app/modules/web/themes/material-blue/views/config/wiki-dokuwiki.inc
index fb815e56..077ce8a7 100644
--- a/app/modules/web/themes/material-blue/views/config/wiki-dokuwiki.inc
+++ b/app/modules/web/themes/material-blue/views/config/wiki-dokuwiki.inc
@@ -181,7 +181,7 @@ use SP\Mvc\View\Template;
                            type="text"
                            class="mdl-textfield__input mdl-color-text--indigo-400"
                            maxlength="128"
-                           value="<?php echo $configData->getDokuwikiNamespace(); ?>"/>
+                           value="<?php echo htmlspecialchars($configData->getDokuwikiNamespace(), ENT_QUOTES); ?>"/>
                     <label class="mdl-textfield__label"
                            for="dokuwiki_namespace"><?php echo __('Namespace'); ?></label>
                 </div>
diff --git a/app/modules/web/themes/material-blue/views/itemshow/account_bulkedit.inc b/app/modules/web/themes/material-blue/views/itemshow/account_bulkedit.inc
index 0b5ce713..0a0857ba 100644
--- a/app/modules/web/themes/material-blue/views/itemshow/account_bulkedit.inc
+++ b/app/modules/web/themes/material-blue/views/itemshow/account_bulkedit.inc
@@ -51,7 +51,7 @@ use SP\Mvc\View\Template;
                                 <option value=""><?php echo __('Select Client'); ?></option>
                                 <?php foreach ($_getvar('clients') as $client): ?>
                                     <option
-                                            value="<?php echo $client->getId(); ?>"><?php echo $client->getName(); ?></option>
+                                            value="<?php echo $client->getId(); ?>"><?php echo htmlspecialchars($client->getName(), ENT_QUOTES); ?></option>
                                 <?php endforeach; ?>
                             </select>
                         </td>
@@ -67,7 +67,7 @@ use SP\Mvc\View\Template;
                                 <option value=""><?php echo __('Select Category'); ?></option>
                                 <?php foreach ($_getvar('categories') as $category): ?>
                                     <option
-                                            value="<?php echo $category->getId(); ?>"><?php echo $category->getName(); ?></option>
+                                            value="<?php echo $category->getId(); ?>"><?php echo htmlspecialchars($category->getName(), ENT_QUOTES); ?></option>
                                 <?php endforeach; ?>
                             </select>
                         </td>
@@ -83,7 +83,7 @@ use SP\Mvc\View\Template;
                                 <option value=""><?php echo __('Select User'); ?></option>
                                 <?php foreach ($_getvar('users') as $user): ?>
                                     <option
-                                            value="<?php echo $user->getId(); ?>"><?php echo $user->getName(); ?></option>
+                                            value="<?php echo $user->getId(); ?>"><?php echo htmlspecialchars($user->getName(), ENT_QUOTES); ?></option>
                                 <?php endforeach; ?>
                             </select>
                         </td>
@@ -99,7 +99,7 @@ use SP\Mvc\View\Template;
                                 <option value=""><?php echo __('Select Group'); ?></option>
                                 <?php foreach ($_getvar('userGroups') as $group): ?>
                                     <option
-                                            value="<?php echo $group->getId(); ?>"><?php echo $group->getName(); ?></option>
+                                            value="<?php echo $group->getId(); ?>"><?php echo htmlspecialchars($group->getName(), ENT_QUOTES); ?></option>
                                 <?php endforeach; ?>
                             </select>
                         </td>
@@ -112,7 +112,7 @@ use SP\Mvc\View\Template;
                                     class="select-box-tags">
                                 <option value=""><?php echo __('Select Tags'); ?></option>
                                 <?php foreach ($_getvar('tags') as $tag): ?>
-                                    <option value="<?php echo $tag->getId(); ?>"><?php echo $tag->getName(); ?></option>
+                                    <option value="<?php echo $tag->getId(); ?>"><?php echo htmlspecialchars($tag->getName(), ENT_QUOTES); ?></option>
                                 <?php endforeach; ?>
                             </select>
                         </td>
@@ -136,7 +136,7 @@ use SP\Mvc\View\Template;
                                         <option value=""><?php echo __('Select Users'); ?></option>
                                         <?php foreach ($_getvar('users') as $user): ?>
                                             <option
-                                                    value="<?php echo $user->getId(); ?>"><?php echo $user->getName(); ?></option>
+                                                    value="<?php echo $user->getId(); ?>"><?php echo htmlspecialchars($user->getName(), ENT_QUOTES); ?></option>
                                         <?php endforeach; ?>
                                     </select>
 
@@ -161,7 +161,7 @@ use SP\Mvc\View\Template;
                                         <option value=""><?php echo __('Select Users'); ?></option>
                                         <?php foreach ($_getvar('users') as $user): ?>
                                             <option
-                                                    value="<?php echo $user->getId(); ?>"><?php echo $user->getName(); ?></option>
+                                                    value="<?php echo $user->getId(); ?>"><?php echo htmlspecialchars($user->getName(), ENT_QUOTES); ?></option>
                                         <?php endforeach; ?>
                                     </select>
 
@@ -193,7 +193,7 @@ use SP\Mvc\View\Template;
                                         <option value=""><?php echo __('Select Groups'); ?></option>
                                         <?php foreach ($_getvar('userGroups') as $userGroup): ?>
                                             <option
-                                                    value="<?php echo $userGroup->getId(); ?>"><?php echo $userGroup->getName(); ?></option>
+                                                    value="<?php echo $userGroup->getId(); ?>"><?php echo htmlspecialchars($userGroup->getName(), ENT_QUOTES); ?></option>
                                         <?php endforeach; ?>
                                     </select>
 
@@ -218,7 +218,7 @@ use SP\Mvc\View\Template;
                                         <option value=""><?php echo __('Select Groups'); ?></option>
                                         <?php foreach ($_getvar('userGroups') as $userGroup): ?>
                                             <option
-                                                    value="<?php echo $userGroup->getId(); ?>"><?php echo $userGroup->getName(); ?></option>
+                                                    value="<?php echo $userGroup->getId(); ?>"><?php echo htmlspecialchars($userGroup->getName(), ENT_QUOTES); ?></option>
                                         <?php endforeach; ?>
                                     </select>
 
diff --git a/app/modules/web/themes/material-blue/views/itemshow/auth_token.inc b/app/modules/web/themes/material-blue/views/itemshow/auth_token.inc
index baebb8ee..ca9f554d 100644
--- a/app/modules/web/themes/material-blue/views/itemshow/auth_token.inc
+++ b/app/modules/web/themes/material-blue/views/itemshow/auth_token.inc
@@ -35,7 +35,7 @@ $authToken = $_getvar('authToken');
                         <option value=""><?php echo __('Select User'); ?></option>
                         <?php /** @var SelectItem $user */
                         foreach ($_getvar('users') as $user): ?>
-                            <option value="<?php echo $user->getId(); ?>" <?php echo $user->isSelected() ? 'selected' : ''; ?>><?php printf('%s (%s)', $user->getName(), $user->getItemProperty('login')); ?></option>
+                            <option value="<?php echo $user->getId(); ?>" <?php echo $user->isSelected() ? 'selected' : ''; ?>><?php printf('%s (%s)', htmlspecialchars($user->getName(), ENT_QUOTES), htmlspecialchars($user->getItemProperty('login'), ENT_QUOTES)); ?></option>
                         <?php endforeach; ?>
                     </select>
                 </td>
@@ -51,7 +51,7 @@ $authToken = $_getvar('authToken');
                         <option value=""><?php echo __('Select Action'); ?></option>
                         <?php /** @var SelectItem $action */
                         foreach ($_getvar('actions') as $action): ?>
-                            <option value="<?php echo $action->getId(); ?>" <?php echo $action->isSelected() ? 'selected' : ''; ?>><?php echo $action->getName(); ?></option>
+                            <option value="<?php echo $action->getId(); ?>" <?php echo $action->isSelected() ? 'selected' : ''; ?>><?php echo htmlspecialchars($action->getName(), ENT_QUOTES); ?></option>
                         <?php endforeach; ?>
                     </select>
                 </td>
diff --git a/app/modules/web/themes/material-blue/views/itemshow/category.inc b/app/modules/web/themes/material-blue/views/itemshow/category.inc
index 5b6485b6..021341d4 100644
--- a/app/modules/web/themes/material-blue/views/itemshow/category.inc
+++ b/app/modules/web/themes/material-blue/views/itemshow/category.inc
@@ -32,7 +32,7 @@ $category = $_getvar('category');
                         <input id="name" name="name" type="text" required
                                class="mdl-textfield__input mdl-color-text--indigo-400"
                                maxlength="50"
-                               value="<?php echo $category->getName(); ?>">
+                               value="<?php echo htmlspecialchars($category->getName(), ENT_QUOTES); ?>">
                         <label class="mdl-textfield__label"
                                for="name"><?php echo __('Category name'); ?></label>
                     </div>
@@ -45,7 +45,7 @@ $category = $_getvar('category');
                         <input id="description" name="description" type="text"
                                class="mdl-textfield__input mdl-color-text--indigo-400"
                                maxlength="50"
-                               value="<?php echo $category->getDescription(); ?>">
+                               value="<?php echo htmlspecialchars($category->getDescription(), ENT_QUOTES); ?>">
                         <label class="mdl-textfield__label"
                                for="description"><?php echo __('Category description'); ?></label>
                     </div>
diff --git a/app/modules/web/themes/material-blue/views/itemshow/client.inc b/app/modules/web/themes/material-blue/views/itemshow/client.inc
index e994fb32..ef1974a9 100644
--- a/app/modules/web/themes/material-blue/views/itemshow/client.inc
+++ b/app/modules/web/themes/material-blue/views/itemshow/client.inc
@@ -32,7 +32,7 @@ $client = $_getvar('client');
                         <input id="name" name="name" type="text" required
                                class="mdl-textfield__input mdl-color-text--indigo-400"
                                maxlength="50"
-                               value="<?php echo $client->getName(); ?>">
+                               value="<?php echo htmlspecialchars($client->getName(), ENT_QUOTES); ?>">
                         <label class="mdl-textfield__label"
                                for="name"><?php echo __('Client name'); ?></label>
                     </div>
@@ -46,7 +46,7 @@ $client = $_getvar('client');
                         <input id="description" name="description" type="text"
                                class="mdl-textfield__input mdl-color-text--indigo-400"
                                maxlength="50"
-                               value="<?php echo $client->getDescription(); ?>">
+                               value="<?php echo htmlspecialchars($client->getDescription(), ENT_QUOTES); ?>">
                         <label class="mdl-textfield__label"
                                for="description"><?php echo __('Client description'); ?></label>
                     </div>
diff --git a/app/modules/web/themes/material-blue/views/itemshow/custom_field.inc b/app/modules/web/themes/material-blue/views/itemshow/custom_field.inc
index a857f6d1..40913ab2 100644
--- a/app/modules/web/themes/material-blue/views/itemshow/custom_field.inc
+++ b/app/modules/web/themes/material-blue/views/itemshow/custom_field.inc
@@ -34,7 +34,7 @@ $field = $_getvar('field');
                         <input id="name" name="name" type="text" required
                                class="mdl-textfield__input mdl-color-text--indigo-400"
                                maxlength="50"
-                               value="<?php echo $field->getName(); ?>">
+                               value="<?php echo htmlspecialchars($field->getName(), ENT_QUOTES); ?>">
                         <label class="mdl-textfield__label"
                                for="name"><?php echo __('Field name'); ?></label>
                     </div>
diff --git a/app/modules/web/themes/material-blue/views/itemshow/file.inc b/app/modules/web/themes/material-blue/views/itemshow/file.inc
index 5e7bcb59..dd27674b 100644
--- a/app/modules/web/themes/material-blue/views/itemshow/file.inc
+++ b/app/modules/web/themes/material-blue/views/itemshow/file.inc
@@ -18,7 +18,7 @@ $fileData = $_getvar('fileData');
 <?php if ($_getvar('isImage')): ?>
     <img src="data:'<?php echo $fileData->getType(); ?>;base64, <?php echo $_getvar('data'); ?>"
          border="0"/>
-    <div class="title"><?php echo $fileData->getName(); ?></div>
+    <div class="title"><?php echo htmlspecialchars($fileData->getName(), ENT_QUOTES); ?></div>
 <?php else: ?>
     <pre><?php echo $_getvar('data'); ?></pre>
 <?php endif; ?>
\ No newline at end of file
diff --git a/app/modules/web/themes/material-blue/views/itemshow/item_preset-password.inc b/app/modules/web/themes/material-blue/views/itemshow/item_preset-password.inc
index c0ae6302..e3f51fa4 100644
--- a/app/modules/web/themes/material-blue/views/itemshow/item_preset-password.inc
+++ b/app/modules/web/themes/material-blue/views/itemshow/item_preset-password.inc
@@ -66,7 +66,7 @@ $password = $_getvar('password');
             <div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">
                 <input id="regex" name="regex" type="text"
                        class="mdl-textfield__input mdl-color-text--indigo-400"
-                       value="<?php echo htmlentities($password->getRegex()); ?>"/>
+                       value="<?php echo htmlspecialchars($password->getRegex(), ENT_QUOTES); ?>"/>
                 <label class="mdl-textfield__label"
                        for="regex"><?php echo __('Regular Expression'); ?></label>
             </div>
diff --git a/app/modules/web/themes/material-blue/views/itemshow/item_preset-permission.inc b/app/modules/web/themes/material-blue/views/itemshow/item_preset-permission.inc
index 7a796a55..69e94fa8 100644
--- a/app/modules/web/themes/material-blue/views/itemshow/item_preset-permission.inc
+++ b/app/modules/web/themes/material-blue/views/itemshow/item_preset-permission.inc
@@ -28,7 +28,7 @@ use SP\Mvc\View\Template;
                             <?php if ($user->isSkip()): continue; endif; ?>
                             <option
                                     value="<?php echo $user->getId(); ?>"
-                                <?php echo $user->isSelected() ? 'selected' : '' ?>><?php echo $user->getName(); ?></option>
+                                <?php echo $user->isSelected() ? 'selected' : '' ?>><?php echo htmlspecialchars($user->getName(), ENT_QUOTES); ?></option>
                         <?php endforeach; ?>
                     </select>
 
@@ -46,7 +46,7 @@ use SP\Mvc\View\Template;
                             <?php if ($user->isSkip()): continue; endif; ?>
                             <option
                                     value="<?php echo $user->getId(); ?>"
-                                <?php echo $user->isSelected() ? 'selected' : '' ?>><?php echo $user->getName(); ?></option>
+                                <?php echo $user->isSelected() ? 'selected' : '' ?>><?php echo htmlspecialchars($user->getName(), ENT_QUOTES); ?></option>
                         <?php endforeach; ?>
                     </select>
 
@@ -71,7 +71,7 @@ use SP\Mvc\View\Template;
                             <?php if ($userGroup->isSkip()): continue; endif; ?>
                             <option
                                     value="<?php echo $userGroup->getId(); ?>"
-                                <?php echo $userGroup->isSelected() ? 'selected' : '' ?>><?php echo $userGroup->getName(); ?></option>
+                                <?php echo $userGroup->isSelected() ? 'selected' : '' ?>><?php echo htmlspecialchars($userGroup->getName(), ENT_QUOTES); ?></option>
                         <?php endforeach; ?>
                     </select>
 
@@ -89,7 +89,7 @@ use SP\Mvc\View\Template;
                             <?php if ($userGroup->isSkip()): continue; endif; ?>
                             <option
                                     value="<?php echo $userGroup->getId(); ?>"
-                                <?php echo $userGroup->isSelected() ? 'selected' : '' ?>><?php echo $userGroup->getName(); ?></option>
+                                <?php echo $userGroup->isSelected() ? 'selected' : '' ?>><?php echo htmlspecialchars($userGroup->getName(), ENT_QUOTES); ?></option>
                         <?php endforeach; ?>
                     </select>
 
diff --git a/app/modules/web/themes/material-blue/views/itemshow/item_preset.inc b/app/modules/web/themes/material-blue/views/itemshow/item_preset.inc
index f952107b..1f6e6137 100644
--- a/app/modules/web/themes/material-blue/views/itemshow/item_preset.inc
+++ b/app/modules/web/themes/material-blue/views/itemshow/item_preset.inc
@@ -49,7 +49,7 @@ $preset = $_getvar('preset');
                                 <?php /** @var SelectItem $user */
                                 foreach ($_getvar('users') as $user): ?>
                                     <option
-                                            value="<?php echo $user->getId(); ?>" <?php echo $user->isSelected() ? 'selected' : ''; ?>><?php echo $user->getName(); ?></option>
+                                            value="<?php echo $user->getId(); ?>" <?php echo $user->isSelected() ? 'selected' : ''; ?>><?php echo htmlspecialchars($user->getName(), ENT_QUOTES); ?></option>
                                 <?php endforeach; ?>
                             </select>
                         </td>
@@ -67,7 +67,7 @@ $preset = $_getvar('preset');
                                 <?php /** @var SelectItem $userGroup */
                                 foreach ($_getvar('userGroups') as $userGroup): ?>
                                     <option
-                                            value="<?php echo $userGroup->getId(); ?>" <?php echo $userGroup->isSelected() ? 'selected' : ''; ?>><?php echo $userGroup->getName(); ?></option>
+                                            value="<?php echo $userGroup->getId(); ?>" <?php echo $userGroup->isSelected() ? 'selected' : ''; ?>><?php echo htmlspecialchars($userGroup->getName(), ENT_QUOTES); ?></option>
                                 <?php endforeach; ?>
                             </select>
                         </td>
@@ -85,7 +85,7 @@ $preset = $_getvar('preset');
                                 <?php /** @var SelectItem $userProfile */
                                 foreach ($_getvar('userProfiles') as $userProfile): ?>
                                     <option
-                                            value="<?php echo $userProfile->getId(); ?>" <?php echo $userProfile->isSelected() ? 'selected' : ''; ?>><?php echo $userProfile->getName(); ?></option>
+                                            value="<?php echo $userProfile->getId(); ?>" <?php echo $userProfile->isSelected() ? 'selected' : ''; ?>><?php echo htmlspecialchars($userProfile->getName(), ENT_QUOTES); ?></option>
                                 <?php endforeach; ?>
                             </select>
                         </td>
diff --git a/app/modules/web/themes/material-blue/views/itemshow/public_link.inc b/app/modules/web/themes/material-blue/views/itemshow/public_link.inc
index c9ace814..fa4fdb14 100644
--- a/app/modules/web/themes/material-blue/views/itemshow/public_link.inc
+++ b/app/modules/web/themes/material-blue/views/itemshow/public_link.inc
@@ -36,7 +36,14 @@ $publicLink = $_getvar('publicLink');
                         <?php /** @var SelectItem $account */
                         foreach ($_getvar('accounts') as $account): ?>
                             <option
-                                    value="<?php echo $account->getId(); ?>" <?php echo $account->isSelected() ? 'selected' : ''; ?>><?php printf('%s (%s)', $account->getName(), $account->getItemProperty('clientName')); ?></option>
+                                    value="<?php echo $account->getId(); ?>"
+                                <?php echo $account->isSelected() ? 'selected' : ''; ?>>
+                                <?php printf(
+                                        '%s (%s)',
+                                        htmlspecialchars($account->getName(), ENT_QUOTES),
+                                        htmlspecialchars($account->getItemProperty('clientName'), ENT_QUOTES)
+                                ); ?>
+                            </option>
                         <?php endforeach; ?>
                     </select>
                 </td>
diff --git a/app/modules/web/themes/material-blue/views/itemshow/tag.inc b/app/modules/web/themes/material-blue/views/itemshow/tag.inc
index 36da664e..952431ad 100644
--- a/app/modules/web/themes/material-blue/views/itemshow/tag.inc
+++ b/app/modules/web/themes/material-blue/views/itemshow/tag.inc
@@ -31,7 +31,7 @@ $tag = $_getvar('tag');
                         <input id="name" name="name" type="text" required
                                class="mdl-textfield__input mdl-color-text--indigo-400"
                                maxlength="50"
-                               value="<?php echo $tag->getName(); ?>">
+                               value="<?php echo htmlspecialchars($tag->getName(), ENT_QUOTES); ?>">
                         <label class="mdl-textfield__label"
                                for="name"><?php echo __('Tag name'); ?></label>
                     </div>
diff --git a/app/modules/web/themes/material-blue/views/itemshow/user.inc b/app/modules/web/themes/material-blue/views/itemshow/user.inc
index 3ce26a59..262d623b 100644
--- a/app/modules/web/themes/material-blue/views/itemshow/user.inc
+++ b/app/modules/web/themes/material-blue/views/itemshow/user.inc
@@ -49,7 +49,7 @@ $user = $_getvar('user');
                                 <input id="name" name="name" type="text"
                                        required
                                        class="mdl-textfield__input mdl-color-text--indigo-400"
-                                       value="<?php echo $user->getName(); ?>"
+                                       value="<?php echo htmlspecialchars($user->getName(), ENT_QUOTES); ?>"
                                        maxlength="80" <?php echo $_getvar('readonly'); ?>>
                                 <label class="mdl-textfield__label"
                                        for="name"><?php echo __('Full username'); ?></label>
@@ -64,7 +64,7 @@ $user = $_getvar('user');
                                 <input id="login" name="login" type="text"
                                        required
                                        class="mdl-textfield__input mdl-color-text--indigo-400"
-                                       value="<?php echo $user->getLogin(); ?>"
+                                       value="<?php echo htmlspecialchars($user->getLogin(), ENT_QUOTES); ?>"
                                        maxlength="80" <?php echo $user->isLdap() ? 'readonly' : $_getvar('readonly'); ?>>
                                 <label class="mdl-textfield__label"
                                        for="login"><?php echo __('Session login'); ?></label>
@@ -84,7 +84,7 @@ $user = $_getvar('user');
                                     <input id="login_sso" name="login_sso"
                                            type="text"
                                            class="mdl-textfield__input mdl-color-text--indigo-400"
-                                           value="<?php echo $user->getSsoLogin(); ?>"
+                                           value="<?php echo htmlspecialchars($user->getSsoLogin(), ENT_QUOTES); ?>"
                                            maxlength="100" <?php echo $_getvar('readonly'); ?>>
                                     <label class="mdl-textfield__label"
                                            for="login_sso"><?php echo __('Session login with SSO'); ?></label>
@@ -100,7 +100,7 @@ $user = $_getvar('user');
                                 <input id="email" name="email" type="email"
                                        required
                                        class="mdl-textfield__input mdl-color-text--indigo-400"
-                                       value="<?php echo $user->getEmail(); ?>"
+                                       value="<?php echo htmlspecialchars($user->getEmail(), ENT_QUOTES); ?>"
                                        maxlength="50" <?php echo $_getvar('readonly'); ?>>
                                 <label class="mdl-textfield__label"
                                        for="email"><?php echo __('Email address'); ?></label>
@@ -154,7 +154,7 @@ $user = $_getvar('user');
                                 <?php /** @var SelectItem $profile */
                                 foreach ($_getvar('profiles') as $profile): ?>
                                     <option
-                                            value="<?php echo $profile->getId(); ?>" <?php echo ($profile->getId() === $user->getUserProfileId()) ? 'selected' : ''; ?>><?php echo $profile->getName(); ?></option>
+                                            value="<?php echo $profile->getId(); ?>" <?php echo ($profile->getId() === $user->getUserProfileId()) ? 'selected' : ''; ?>><?php echo htmlspecialchars($profile->getName(), ENT_QUOTES); ?></option>
                                 <?php endforeach; ?>
                             </select>
                         </td>
@@ -172,7 +172,7 @@ $user = $_getvar('user');
                                 <?php /** @var SelectItem $group */
                                 foreach ($_getvar('groups') as $group): ?>
                                     <option
-                                            value="<?php echo $group->getId(); ?>" <?php echo ($group->getId() === $user->getUserGroupId()) ? 'selected' : ''; ?>><?php echo $group->getName(); ?></option>
+                                            value="<?php echo $group->getId(); ?>" <?php echo ($group->getId() === $user->getUserGroupId()) ? 'selected' : ''; ?>><?php echo htmlspecialchars($group->getName(), ENT_QUOTES); ?></option>
                                 <?php endforeach; ?>
                             </select>
                         </td>
@@ -184,7 +184,9 @@ $user = $_getvar('user');
                             <div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">
                         <textarea class="mdl-textfield__input" rows="3"
                                   id="notes" name="notes"
-                                  maxlength="1000" <?php echo $_getvar('readonly'); ?>><?php echo htmlspecialchars($user->getNotes(), ENT_QUOTES); ?></textarea>
+                                  maxlength="1000" <?php echo $_getvar('readonly'); ?>>
+                            <?php echo htmlspecialchars($user->getNotes(), ENT_QUOTES); ?>
+                        </textarea>
                                 <label class="mdl-textfield__label"
                                        for="notes"><?php echo __('Notes'); ?></label>
                             </div>
@@ -339,7 +341,11 @@ $user = $_getvar('user');
                                                 title="<?php echo $item->ref; ?>">
                                                 <span class="mdl-list__item-primary-content">
                                                 <i class="material-icons mdl-list__item-icon"><?php echo $item->icon; ?></i>
-                                                    <?php printf('%s: %s', $item->ref, $item->name ?: $item->id); ?>
+                                                    <?php printf(
+                                                            '%s: %s',
+                                                            $item->ref,
+                                                            htmlspecialchars($item->name, ENT_QUOTES) ?: $item->id
+                                                    ); ?>
                                                 </span>
                                             </li>
                                         <?php endforeach; ?>
diff --git a/app/modules/web/themes/material-blue/views/itemshow/user_group.inc b/app/modules/web/themes/material-blue/views/itemshow/user_group.inc
index 427bc44b..2f467c26 100644
--- a/app/modules/web/themes/material-blue/views/itemshow/user_group.inc
+++ b/app/modules/web/themes/material-blue/views/itemshow/user_group.inc
@@ -35,7 +35,7 @@ $group = $_getvar('group');
                         <input id="name" name="name" type="text" required
                                class="mdl-textfield__input mdl-color-text--indigo-400"
                                maxlength="50"
-                               value="<?php echo $group->getName(); ?>">
+                               value="<?php echo htmlspecialchars($group->getName(), ENT_QUOTES); ?>">
                         <label class="mdl-textfield__label"
                                for="name"><?php echo __('Group name'); ?></label>
                     </div>
@@ -49,7 +49,7 @@ $group = $_getvar('group');
                         <input id="description" name="description" type="text"
                                class="mdl-textfield__input mdl-color-text--indigo-400"
                                maxlength="50"
-                               value="<?php echo $group->getDescription(); ?>">
+                               value="<?php echo htmlspecialchars($group->getDescription(), ENT_QUOTES); ?>">
                         <label class="mdl-textfield__label"
                                for="description"><?php echo __('Group description'); ?></label>
                     </div>
@@ -69,7 +69,10 @@ $group = $_getvar('group');
                             <?php /** @var SelectItem $user */
                             foreach ($_getvar('users') as $user): ?>
                                 <option
-                                        value="<?php echo $user->getId(); ?>" <?php echo $user->isSelected() ? 'selected' : ''; ?>><?php echo $user->getName(); ?></option>
+                                        value="<?php echo $user->getId(); ?>"
+                                    <?php echo $user->isSelected() ? 'selected' : ''; ?>>
+                                    <?php echo htmlspecialchars($user->getName(), ENT_QUOTES); ?>
+                                </option>
                             <?php endforeach; ?>
                         </select>
                     <?php else: ?>
@@ -79,7 +82,9 @@ $group = $_getvar('group');
                                     <?php /** @var SelectItem $user */
                                     foreach ($_getvar('users') as $user): ?>
                                         <?php if ($user->isSelected()): ?>
-                                            <span class="tag"><?php echo $user->getName(); ?></span>
+                                            <span class="tag">
+                                                <?php echo htmlspecialchars($user->getName(), ENT_QUOTES); ?>
+                                            </span>
                                         <?php endif; ?>
                                     <?php endforeach; ?>
                                 </div>
@@ -107,9 +112,17 @@ $group = $_getvar('group');
                                             <i class="material-icons mdl-list__item-icon"
                                                title="<?php echo __('User'); ?>">person</i>
                                             <?php if ($user->ref === 'UserGroup'): ?>
-                                                <?php printf('%s (%s)*', $user->name, $user->login); ?>
+                                                <?php printf(
+                                                        '%s (%s)*',
+                                                        htmlspecialchars($user->name, ENT_QUOTES),
+                                                        htmlspecialchars($user->login, ENT_QUOTES)
+                                                ); ?>
                                             <?php else: ?>
-                                                <?php printf('%s (%s)', $user->name, $user->login); ?>
+                                                <?php printf(
+                                                        '%s (%s)',
+                                                        htmlspecialchars($user->name, ENT_QUOTES),
+                                                        htmlspecialchars($user->login, ENT_QUOTES)
+                                                ); ?>
                                             <?php endif; ?>
                                         </span>
                                     </li>
diff --git a/app/modules/web/themes/material-blue/views/itemshow/user_pass.inc b/app/modules/web/themes/material-blue/views/itemshow/user_pass.inc
index 4650104a..d6d32cf6 100644
--- a/app/modules/web/themes/material-blue/views/itemshow/user_pass.inc
+++ b/app/modules/web/themes/material-blue/views/itemshow/user_pass.inc
@@ -30,7 +30,7 @@ $user = $_getvar('user');
                     <div class="mdl-textfield mdl-js-textfield">
                         <input id="name" name="name" type="text"
                                class="mdl-textfield__input mdl-color-text--indigo-400"
-                               value="<?php echo $user->getName(); ?>" readonly
+                               value="<?php echo htmlspecialchars($user->getName(), ENT_QUOTES); ?>" readonly
                                disabled/>
                     </div>
                 </td>
@@ -42,7 +42,7 @@ $user = $_getvar('user');
                     <div class="mdl-textfield mdl-js-textfield">
                         <input id="login" name="login" type="text"
                                class="mdl-textfield__input mdl-color-text--indigo-400"
-                               value="<?php echo $user->getLogin(); ?>"
+                               value="<?php echo htmlspecialchars($user->getLogin(), ENT_QUOTES); ?>"
                                readonly disabled/>
                     </div>
                 </td>
diff --git a/app/modules/web/themes/material-blue/views/itemshow/user_profile.inc b/app/modules/web/themes/material-blue/views/itemshow/user_profile.inc
index aee7f2f9..1d1a8eeb 100644
--- a/app/modules/web/themes/material-blue/views/itemshow/user_profile.inc
+++ b/app/modules/web/themes/material-blue/views/itemshow/user_profile.inc
@@ -579,7 +579,7 @@ $profileData = $_getvar('profileData');
                         <input id="profile_name" name="profile_name" type="text"
                                required
                                class="mdl-textfield__input"
-                               value="<?php echo $profile->getName(); ?>"
+                               value="<?php echo htmlspecialchars($profile->getName(), ENT_QUOTES); ?>"
                                maxlength="50" <?php echo $_getvar('readonly'); ?>>
                         <label class="mdl-textfield__label"
                                for="profile_name"><?php echo __('Profile name'); ?></label>
diff --git a/app/modules/web/themes/material-blue/views/notification/notification.inc b/app/modules/web/themes/material-blue/views/notification/notification.inc
index 78552b33..3baa8b60 100644
--- a/app/modules/web/themes/material-blue/views/notification/notification.inc
+++ b/app/modules/web/themes/material-blue/views/notification/notification.inc
@@ -61,7 +61,8 @@ $notification = $_getvar('notification');
                             <input id="notification_date"
                                    name="notification_date" type="text"
                                    class="mdl-textfield__input mdl-color-text--indigo-400"
-                                   value="<?php echo DateUtil::getDateFromUnix($notification->getDate()); ?>" <?php echo $_getvar('disabled'); ?>>
+                                   value="<?php echo DateUtil::getDateFromUnix($notification->getDate()); ?>"
+                                <?php echo $_getvar('disabled'); ?>>
                             <label class="mdl-textfield__label"
                                    for="notification_date"><?php echo __('Date'); ?></label>
                         </div>
@@ -77,13 +78,15 @@ $notification = $_getvar('notification');
                                     class="mdl-textfield__input mdl-color-text--indigo-400"
                                     type="text" rows="3"
                                     id="notification_description"
-                                    name="notification_description" <?php echo $_getvar('readonly'); ?>><?php echo $notification->getDescription(); ?></textarea>
+                                    name="notification_description" <?php echo $_getvar('readonly'); ?>>
+                                <?php echo htmlspecialchars($notification->getDescription(), ENT_QUOTES); ?>
+                            </textarea>
                             <label class="mdl-textfield__label"
                                    for="notification_description"><?php echo __('Description'); ?></label>
                         </div>
                     <?php else: ?>
                         <div class="notification-description">
-                            <?php echo $notification->getDescription(); ?>
+                            <?php echo htmlspecialchars($notification->getDescription(), ENT_QUOTES); ?>
                         </div>
                     <?php endif; ?>
                 </td>
@@ -100,8 +103,10 @@ $notification = $_getvar('notification');
                             <option value=""><?php echo __('Select User'); ?></option>
                             <?php /** @var SelectItem $user */
                             foreach ($_getvar('users') as $user): ?>
-                                <option
-                                        value="<?php echo $user->getId(); ?>" <?php echo $user->isSelected() ? 'selected' : ''; ?>><?php echo $user->getName(); ?></option>
+                                <option value="<?php echo $user->getId(); ?>"
+                                    <?php echo $user->isSelected() ? 'selected' : ''; ?>>
+                                    <?php echo htmlspecialchars($user->getName(), ENT_QUOTES); ?>
+                                </option>
                             <?php endforeach; ?>
                         </select>
                     </td>
@@ -115,7 +120,8 @@ $notification = $_getvar('notification');
                                title="<?php echo __('Global notification'); ?>">
                             <input type="checkbox" id="notification_sticky"
                                    class="mdl-switch__input mdl-color-text--indigo-400"
-                                   name="notification_sticky" <?php echo $notification->isSticky() ? 'checked' : ' '; ?> <?php echo $_getvar('disabled'); ?>/>
+                                   name="notification_sticky" <?php echo $notification->isSticky() ? 'checked'
+                                : ' '; ?> <?php echo $_getvar('disabled'); ?>/>
                             <span class="mdl-switch__label"><?php echo __('Global'); ?></span>
                         </label>
 
@@ -124,7 +130,9 @@ $notification = $_getvar('notification');
                                title="<?php echo __('Only for application administrators'); ?>">
                             <input type="checkbox" id="notification_onlyadmin"
                                    class="mdl-switch__input mdl-color-text--indigo-400"
-                                   name="notification_onlyadmin" <?php echo $notification->isOnlyAdmin() ? 'checked' : ' '; ?> <?php echo $_getvar('disabled'); ?>/>
+                                   name="notification_onlyadmin"
+                                <?php echo $notification->isOnlyAdmin() ? 'checked' : ' '; ?>
+                                <?php echo $_getvar('disabled'); ?>/>
                             <span class="mdl-switch__label"><?php echo __('Only Admins'); ?></span>
                         </label>
 
@@ -133,7 +141,9 @@ $notification = $_getvar('notification');
                                title="<?php echo __('Read'); ?>">
                             <input type="checkbox" id="notification_checkout"
                                    class="mdl-switch__input mdl-color-text--indigo-400"
-                                   name="notification_checkout" <?php echo $notification->isChecked() ? 'checked' : ' '; ?> <?php echo $_getvar('disabled'); ?>/>
+                                   name="notification_checkout"
+                                <?php echo $notification->isChecked() ? 'checked' : ' '; ?>
+                                <?php echo $_getvar('disabled'); ?>/>
                             <span class="mdl-switch__label"><?php echo __('Read'); ?></span>
                         </label>
                     </td>
@@ -146,7 +156,8 @@ $notification = $_getvar('notification');
     <?php if (!$_getvar('isView')): ?>
         <div class="action-in-box">
             <button
-                    class="mdl-button mdl-js-button mdl-button--fab mdl-button--mini-fab mdl-button--colored <?php echo $icons->getIconSave()->getClassButton(); ?>"
+                    class="mdl-button mdl-js-button mdl-button--fab mdl-button--mini-fab mdl-button--colored <?php echo $icons->getIconSave(
+                    )->getClassButton(); ?>"
                     form="frmNotices"
                     title="<?php echo $icons->getIconSave()->getTitle(); ?>">
                 <i class="material-icons"><?php echo $icons->getIconSave()->getIcon(); ?></i>