  1. XWiki Platform
  2. XWIKI-21203

Members panel doesn't properly escape the user's name


Details

    • Unit
    • Unknown
    • N/A
    • N/A

    Description

      Steps to reproduce:

      1. Create a user with first name ]]Name.
      2. Open Panel.Members or add the members panel to a panel column.

      Expected result:

      The user is correctly listed with its name.

      Actual result:

      MembersName>>XWiki.testuser]] is displayed in the table.

      This is due to insufficient escaping/escaping for HTML instead of XWiki syntax. Note that there is no security impact from what I can see as HTML escaping still escapes macro syntax and thus nothing dangerous can be injected.

          People

            MichaelHamann Michael Hamann
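
The mismatch described in this issue, as an added Python sketch (not code from XWiki or from the report): HTML escaping leaves `]]` untouched, so a name placed in a `[[label>>target]]` link closes the link early, while escaping with the XWiki 2.x escape character `~` keeps the name inside the label. The `member_link` template shape, the `wiki_escape` routine and the toy `parse_link` parser are simplified assumptions, not XWiki's implementation.

```python
import html
import re

def wiki_escape(text):
    # Assumption: model XWiki 2.x escaping by prefixing '~' to every
    # non-alphanumeric character so none of it is read as markup.
    return re.sub(r"([^A-Za-z0-9])", r"~\1", text)

def member_link(name, user_ref, escape):
    # Hypothetical template shape: [[<escaped name>>><user reference>]]
    return "[[" + escape(name) + ">>" + user_ref + "]]"

def parse_link(markup):
    """Toy parser for one leading [[label>>target]] link.

    Returns (label, target, trailing_text); '~' makes the next char literal.
    """
    if not markup.startswith("[["):
        raise ValueError("markup does not start with a link")
    label, buf, i = None, [], 2
    while i < len(markup):
        if markup[i] == "~" and i + 1 < len(markup):
            buf.append(markup[i + 1])          # escaped character is literal text
            i += 2
        elif markup.startswith(">>", i) and label is None:
            label, buf = "".join(buf), []      # first '>>' separates label from target
            i += 2
        elif markup.startswith("]]", i):
            return label, "".join(buf), markup[i + 2:]
        else:
            buf.append(markup[i])
            i += 1
    raise ValueError("unterminated link")

NAME, USER = "]]Name", "XWiki.testuser"  # values taken from the report

if __name__ == "__main__":
    for escape in (html.escape, wiki_escape):
        markup = member_link(NAME, USER, escape)
        print(escape.__name__, markup, parse_link(markup))
```

With HTML escaping the parser sees an empty link followed by the stray text `Name>>XWiki.testuser]]`, which matches the actual result in the report.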