encryption group names can be crafted for stored XSS in notebook info popup

[gordonwoodhull]

It's possible to create a name for a group such that, when invoking notebook info for a notebook belonging to that group, will run bits of the group name as JS in the client.

[gordonwoodhull]

Notebook name in this popup was also vulnerable