diff --git a/app/assets/javascripts/app/controllers/_channel/form.js.coffee b/app/assets/javascripts/app/controllers/_channel/form.js.coffee
index 203d02ceb..0ff414a4f 100644
--- a/app/assets/javascripts/app/controllers/_channel/form.js.coffee
+++ b/app/assets/javascripts/app/controllers/_channel/form.js.coffee
@@ -19,6 +19,8 @@ class App.ChannelForm extends App.Controller
     )
 
   updateParams: ->
+    quote = (string) ->
+      string.replace('\'', '\\\'')
     params = @formParam(@$('.js-params'))
     paramString = ''
     for key, value of params
@@ -27,5 +29,5 @@ class App.ChannelForm extends App.Controller
       if value == 'true' || value == 'false'
         paramString += "  #{key}: #{value}"
       else
-        paramString += "  #{key}: '#{value}'"
+        paramString += "  #{key}: '#{quote(value)}'"
     @$('.js-modal-params').html(paramString)
\ No newline at end of file
diff --git a/app/assets/javascripts/app/views/channel/form.jst.eco b/app/assets/javascripts/app/views/channel/form.jst.eco
index a51e014b5..2d08ea622 100644
--- a/app/assets/javascripts/app/views/channel/form.jst.eco
+++ b/app/assets/javascripts/app/views/channel/form.jst.eco
@@ -10,6 +10,36 @@
 
   <h2><%- @T('Settings') %></h2>
   <form class="js-params">
+
+    <fieldset>
+      <div class="input form-group">
+        <div class="formGroup-label">
+          <label for="form-message-title"><%- @T('Title of the form') %></label>
+        </div>
+        <div class="controls">
+          <input type="text" id="form-message-title" name="messageTitle" value="<%- @T('Feedback Form') %>">
+        </div>
+      </div>
+      <div class="input form-group">
+        <div class="formGroup-label">
+          <label for="form-message-submit"><%- @T('Name of form submit button') %></label>
+        </div>
+        <div class="controls">
+          <input type="text" id="form-message-submit" name="messageSubmit" value="<%- @T('Submit') %>">
+        </div>
+      </div>
+      <div class="input form-group">
+        <div class="formGroup-label">
+          <label for="form-message-thank-you"><%- @T('Message after sending form') %></label>
+        </div>
+        <div class="controls">
+          <textarea type="text" id="form-message-thank-you" name="messageThankYou" rows="3"><%- @T('Thank you for your inquiry! We\'ll contact you soon as possible.') %></textarea>
+        </div>
+      </div>
+    </fieldset>
+
+    <br>
+
     <table class="settings-list">
       <thead>
         <tr>
@@ -17,21 +47,12 @@
         </tr>
       </thead>
       <tbody>
-        <tr>
-          <td><label><input type="text" name="title" value="<%- @T('Feedback Form') %>" style="display: inline; width: auto;"/> <%- @T('Title of the form.') %></label></td>
-        </tr>
-        <tr>
-          <td><label><input type="text" name="messageTitle" value="" style="display: inline; width: auto;"/> <%- @T('Form headline.') %></label></td>
-        </tr>
-        <tr>
-          <td><label><input type="text" name="messageSubmit" value="<%- @T('Submit') %>" style="display: inline; width: auto;"/> <%- @T('Name of form submit button.') %></label></td>
-        </tr>
-        <tr>
-          <td><label><input type="text" name="messageThankYou" value="<%- @T('Thank you for your inquiry!') %>" style="display: inline; width: auto;"/> <%- @T('Message after sending form.') %></label></td>
-        </tr>
         <tr>
           <td><label><input type="checkbox" name="debug" value="true"/> <%- @T('Enable debugging for implementation.') %></label></td>
         </tr>
+        <tr>
+          <td><label><input type="checkbox" name="showTitle" value="true"/> <%- @T('Show title in form.') %></label></td>
+        </tr>
         <tr>
           <td><label><input type="checkbox" name="modal" value="true" checked/> <%- @T('Start modal dialog for form.') %></label></td>
         </tr>
diff --git a/app/controllers/form_controller.rb b/app/controllers/form_controller.rb
index 3e6254388..1f7c105df 100644
--- a/app/controllers/form_controller.rb
+++ b/app/controllers/form_controller.rb
@@ -33,6 +33,9 @@ class FormController < ApplicationController
     if params[:email] !~ /@/
       errors['email'] = 'invalid'
     end
+    if params[:email] =~ /(>|<|\||\!|"|§|'|\$|%|&|\(|\)|\?)/
+      errors['email'] = 'invalid'
+    end
     if !params[:title] || params[:title].empty?
       errors['title'] = 'required'
     end
diff --git a/public/assets/form/form.js b/public/assets/form/form.js
index 8554ab1ec..46cf64a42 100644
--- a/public/assets/form/form.js
+++ b/public/assets/form/form.js
@@ -8,10 +8,10 @@
   defaults = {
     debug: false,
     noCSS: false,
-    title: 'Zammad Form',
-    messageHeadline: '',
+    showTitle: false,
+    messageTitle: 'Zammad Form',
     messageSubmit: 'Submit',
-    messageThankYou: 'Thank you for your inquiry!',
+    messageThankYou: 'Thank you for your inquiry! We\'ll contact you soon as possible.',
   };
 
   function Plugin( element, options ) {
@@ -149,7 +149,7 @@
     })
 
     if (!params.title) {
-      params.title = this.options.title
+      params.title = this.options.messageTitle
     }
 
     _this.log('params', params)
@@ -181,8 +181,8 @@
 
     var $element = $(element)
     var $form = $element.find('form')
-    if (this.options.messageHeadline && this.options.messageHeadline != '') {
-      $form.append('<h2>' + this.options.messageHeadline + '</h2>')
+    if (this.options.showTitle && this.options.messageTitle != '') {
+      $form.append('<h2>' + this.options.messageTitle + '</h2>')
     }
     $.each(this.attributes, function( index, value ) {
       var item = $('<div class="form-group"><label>' + value.display + '</label></div>')
