Escape css and guild names in the frontend

webapp/titanembeds/templates/admin_guilds.html.j2

@@ -18,7 +18,7 @@
         </div>
         <div class="col s7">
           <span class="black-text">
-            <p class="flow-text truncate">{{ server.name }}</p>
+            <p class="flow-text truncate">{{ server.name|e }}</p>
             <br>
             <a class="waves-effect waves-light btn" href="{{url_for('admin.administrate_guild', guild_id=server['guild_id'])}}">Modify</a>
           </span>

webapp/titanembeds/templates/administrate_guild.html.j2

@@ -6,7 +6,7 @@
 {% endblock %}
 
 {% block content %}
-<h1>Administrating: {{ guild['name'] }}</h1>
+<h1>Administrating: {{ guild['name']|e }}</h1>
 <p class="flow-text">For this server, you are allowed the following actions:
   {% for permission in permissions %}
     {{ permission }}

webapp/titanembeds/templates/dashboard.html.j2

@@ -19,7 +19,7 @@
         </div>
         <div class="col s7">
           <span class="black-text">
-            <p class="flow-text truncate">{{ server.name }}</p>
+            <p class="flow-text truncate">{{ server.name|e }}</p>
             <br>
             <a class="waves-effect waves-light btn" href="{{url_for('user.administrate_guild', guild_id=server['id'])}}">Modify</a>
           </span>
@@ -56,7 +56,7 @@
   {% for css in css_list %}
   <div class="col l4 m6 s12">
     <div class="card-panel indigo lighten-5 z-depth-3 hoverable black-text">
-      <p class="flow-text truncate"><code>#{{ css.id }}</code> {{ css.name }}</p>
+      <p class="flow-text truncate"><code>#{{ css.id }}</code> {{ css.name|e }}</p>
       <a class="waves-effect waves-light btn" href="{{ url_for("user.edit_custom_css_get", css_id=css.id) }}">Modify</a>
     </div>
   </div>

webapp/titanembeds/templates/site_layout.html.j2

@@ -10,7 +10,7 @@
     <!--Let browser know website is optimized for mobile-->
     <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
 
-    <title>{{ title }} - Titan Embeds for Discord</title>
+    <title>{{ title|e }} - Titan Embeds for Discord</title>
     
     <!--Provide default mobile metadata-->
     <meta name="apple-mobile-web-app-title" content="Titan Embeds">

webapp/titanembeds/templates/usercss.html.j2

@@ -24,7 +24,7 @@
 {% endset %}
 
 {% block content %}
-<h1>{% if new %}New{% else %}Editing {{ css.name }}{% endif %} - User Defined CSS</h1>
+<h1>{% if new %}New{% else %}Editing {{ css.name|e }}{% endif %} - User Defined CSS</h1>
 <p><strong>Note:</strong> This feature is only used for CSS. Any attempts to enter HTML or malicious CSS code
 will have CSS cosmetic privilages removed, if caught. Please don't, we check the databases often. Thanks!</p>
 
@@ -46,7 +46,7 @@ will have CSS cosmetic privilages removed, if caught. Please don't, we check the
   <div class="row">
     <div class="col s12">
         <p class="flow-text">Give your CSS a name</p>
-        <input placeholder="Some Lit CSS" id="css_name" type="text" {% if not new %}value="{{ css.name }}"{% endif %}>
+        <input placeholder="Some Lit CSS" id="css_name" type="text" {% if not new %}value="{{ css.name|e }}"{% endif %}>
         <label for="css_name">Name</label>
     </div>
     {% if admin %}