diff --git a/kallithea/controllers/admin/repo_groups.py b/kallithea/controllers/admin/repo_groups.py
--- a/kallithea/controllers/admin/repo_groups.py
+++ b/kallithea/controllers/admin/repo_groups.py
@@ -117,7 +117,7 @@ class RepoGroupsController(BaseControlle
 children_groups = [g.name for g in repo_gr.parents] + [repo_gr.name]
 repo_count = repo_gr.repositories.count()
 repo_groups_data.append({
- "raw_name": repo_gr.group_name,
+ "raw_name": h.escape(repo_gr.group_name),
 "group_name": repo_group_name(repo_gr.group_name, children_groups),
 "desc": h.escape(repo_gr.group_description),
 "repos": repo_count,
diff --git a/kallithea/model/repo.py b/kallithea/model/repo.py
--- a/kallithea/model/repo.py
+++ b/kallithea/model/repo.py
@@ -168,8 +168,8 @@ class RepoModel(object):
 for gr in repo_groups_list or []:
 repos_data.append(dict(
- raw_name='\0' + gr.name, # sort before repositories
- just_name=gr.name,
+ raw_name='\0' + h.html_escape(gr.name), # sort before repositories
+ just_name=h.html_escape(gr.name),
 name=_render('group_name_html', group_name=gr.group_name, name=gr.name),
 desc=desc(gr.group_description)))
@@ -178,8 +178,8 @@ class RepoModel(object):
 continue
 cs_cache = repo.changeset_cache
 row = {
- "raw_name": repo.repo_name,
- "just_name": repo.just_name,
+ "raw_name": h.html_escape(repo.repo_name),
+ "just_name": h.html_escape(repo.just_name),
 "name": repo_lnk(repo.repo_name, repo.repo_type, repo.repo_state, repo.private, repo.fork),
 "following": following(
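Review bot: `raw_name` is escaped here with `h.escape`, while the same field in kallithea/model/repo.py (the hunks at lines 168 and 178) is escaped with `h.html_escape`, so one kind of table value goes through two different helpers. Neither helper is defined in this diff; if they differ in whether they encode quote characters, the stricter one should be used wherever the value can end up inside an HTML attribute. I would settle on one helper for all three places, e.g. `"raw_name": h.html_escape(repo_gr.group_name),`, or keep `h.escape` to match the neighbouring `desc` line and say why in a comment. The dict literal continues past the end of this hunk.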
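Review bot: The value commented `# sort before repositories` is now the escaped string, so any ordering or filtering done on `raw_name` compares entity text such as `&amp;` and `&lt;` rather than the stored name; the same applies to `raw_name` in the hunk at line 178. If the consumer needs HTML-safe text in this field, a comment should say so, for example `# escaped: the data table inserts raw_name/just_name as HTML; sort order follows the escaped form`. That the consumer inserts these fields as markup is inferred from the fix and is not visible here, so the wording should be checked against the table code. It is also worth confirming that `h` is in scope in this module, since no import is added in the visible hunks.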
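Review bot: In the `row` dict only `raw_name` and `just_name` are escaped, while the adjacent `"name"` entry is still built by `repo_lnk` from the unescaped `repo.repo_name`, and in the hunk at line 168 `_render('group_name_html', ...)` likewise receives `gr.group_name` and `gr.name` unescaped. Both renderers are defined outside this diff, so whether they escape their arguments cannot be seen here and should be confirmed. A regression test that creates a repository and a group whose names contain markup characters such as `<` and `"`, and asserts that every name-bearing field in the returned data is entity-encoded, would pin this down. The `row` dict continues past the end of the hunk.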