Fix XSS issue in addressbook group name field [CVE-2013-5646] (#1489333)

CHANGELOG

@@ -1,6 +1,7 @@
 CHANGELOG Roundcube Webmail
 ===========================
 
+- Fix XSS issue in addressbook group name field [CVE-2013-5646] (#1489333)
 - Fix attachment icon issue when rare font/language is used (#1489326)
 - After message is sent refresh messages list of replied message folder (#1489249)
 - Add option force specified domain in user login - username_domain_forced (#1489264)

program/js/app.js

@@ -4345,7 +4345,7 @@ function rcube_webmail()
         boxtitle.append(' » ');
       }
 
-      boxtitle.append($('<span>'+prop.name+'</span>'));
+      boxtitle.append($('<span>').text(prop.name));
     }
 
     this.triggerEvent('groupupdate', prop);