diff --git a/lib/SimpleSAML/XML/SAML20/AuthnRequest.php b/lib/SimpleSAML/XML/SAML20/AuthnRequest.php
index 0fc2c819fb1d292d1819ad6a4229e341bdd7385f..ead9afa386a54f4137259d9642c238f76c3b3067 100644
--- a/lib/SimpleSAML/XML/SAML20/AuthnRequest.php
+++ b/lib/SimpleSAML/XML/SAML20/AuthnRequest.php
@@ -154,17 +154,17 @@ class SimpleSAML_XML_SAML20_AuthnRequest {
 		  "IssueInstant=\"" . $issueInstant . "\" " .
 		  "ForceAuthn=\"false\" " .
 		  "IsPassive=\"false\" " .
-		  "Destination=\"" . $destination . "\" " .
+		  "Destination=\"" . htmlspecialchars($destination) . "\" " .
 		  "ProtocolBinding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" " .
-		  "AssertionConsumerServiceURL=\"" . $assertionConsumerServiceURL . "\">\n" .
+		  "AssertionConsumerServiceURL=\"" . htmlspecialchars($assertionConsumerServiceURL) . "\">\n" .
 			"<saml:Issuer " .
 			"xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">" .
-			  $spentityid .
+			  htmlspecialchars($spentityid) .
 			"</saml:Issuer>\n" .
 			"<samlp:NameIDPolicy  " .
 			"xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" " .
-			"Format=\"" . $nameidformat. "\" " .
-			"SPNameQualifier=\"" . $spNameQualifier . "\" " .
+			"Format=\"" . htmlspecialchars($nameidformat). "\" " .
+			"SPNameQualifier=\"" . htmlspecialchars($spNameQualifier) . "\" " .
 			"AllowCreate=\"true\" />\n" . 
 			"<samlp:RequestedAuthnContext " .
 			"xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" " .
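Review bot: The `htmlspecialchars()` calls added in this hunk rely on the function's default flags and charset, which differ between PHP versions and `default_charset` settings, so the code itself does not pin how these XML attribute and element values are escaped. The attributes here are double-quoted, so the defaults do cover them. Passing the arguments explicitly, e.g. `htmlspecialchars($destination, ENT_QUOTES, 'UTF-8')`, or routing every call site through one small escaping helper, would keep the behaviour the same on every deployment. The same applies to the calls added in AuthnResponse.php, LogoutRequest.php and LogoutResponse.php. The string being built starts and ends outside this hunk.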
diff --git a/lib/SimpleSAML/XML/SAML20/AuthnResponse.php b/lib/SimpleSAML/XML/SAML20/AuthnResponse.php
index 56984d9b7cf3fd9126118cce216aff0d183bf017..65ed360ebeab4364114c2fb8f60be02e7ae716e0 100644
--- a/lib/SimpleSAML/XML/SAML20/AuthnResponse.php
+++ b/lib/SimpleSAML/XML/SAML20/AuthnResponse.php
@@ -409,7 +409,7 @@ class SimpleSAML_XML_SAML20_AuthnResponse extends SimpleSAML_XML_AuthnResponse {
 			ID="' . $id . '"
 			InResponseTo="' . htmlspecialchars($inresponseto) . '" Version="2.0"
 			IssueInstant="' . $issueInstant . '"
-			Destination="' . $destination . '">
+			Destination="' . htmlspecialchars($destination) . '">
 	<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">' . htmlspecialchars($issuer) . '</saml:Issuer>
 	<samlp:Status xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
 		<samlp:StatusCode xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
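Review bot: `$id` and `$issueInstant` are still interpolated raw into the `ID` and `IssueInstant` attributes, right next to the newly escaped `Destination`. Their origin is not visible in this hunk. If they are always generated locally from a safe alphabet, a comment above the assignment such as `// $id and $issueInstant are generated locally and contain no XML metacharacters` would record why they are exempt; otherwise they should be wrapped in `htmlspecialchars()` too. The same question applies to `$assertionExpire` and `$notBefore` in the next hunk, to `$issueInstant` in AuthnRequest.php, and to `$id` in LogoutRequest.php and LogoutResponse.php.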
@@ -423,7 +423,7 @@ class SimpleSAML_XML_SAML20_AuthnResponse extends SimpleSAML_XML_AuthnResponse {
 			<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
 				<saml:SubjectConfirmationData NotOnOrAfter="' . $assertionExpire . '"
 					InResponseTo="' . htmlspecialchars($inresponseto). '"
-					Recipient="' . $destination . '"/>
+					Recipient="' . htmlspecialchars($destination) . '"/>
 			</saml:SubjectConfirmation>
 		</saml:Subject>
 		<saml:Conditions NotBefore="' . $notBefore. '" NotOnOrAfter="' . $assertionExpire. '">
@@ -432,7 +432,7 @@ class SimpleSAML_XML_SAML20_AuthnResponse extends SimpleSAML_XML_AuthnResponse {
             </saml:AudienceRestriction>
 		</saml:Conditions> 
 		<saml:AuthnStatement AuthnInstant="' . $issueInstant . '"
-			SessionIndex="' . $sessionindex . '">
+			SessionIndex="' . htmlspecialchars($sessionindex) . '">
 			<saml:AuthnContext>
 				<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>
 			</saml:AuthnContext>
diff --git a/lib/SimpleSAML/XML/SAML20/LogoutRequest.php b/lib/SimpleSAML/XML/SAML20/LogoutRequest.php
index 137ff0c985be3e527b7d2b6aa9576be5d7d00043..e1c90884963d3ee7e1c3880e370ede4c83fd9074 100644
--- a/lib/SimpleSAML/XML/SAML20/LogoutRequest.php
+++ b/lib/SimpleSAML/XML/SAML20/LogoutRequest.php
@@ -141,22 +141,22 @@ class SimpleSAML_XML_SAML20_LogoutRequest {
       "xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" " . 
       "ID=\"" . $id . "\" " .
       "Version=\"2.0\" " .
-      "Destination=\"" . $destination . "\" " .
+      "Destination=\"" . htmlspecialchars($destination) . "\" " .
       "IssueInstant=\"" . $issueInstant . "\"> " .
         "<saml:Issuer " . 
         "xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">" .
-          $issuer .
+          htmlspecialchars($issuer) .
         "</saml:Issuer>" .
         "<saml:NameID " . 
         "xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\" " . 
 //        "NameQualifier=\"" . $nameId["NameQualifier"] . "\" " . 
 //        "SPNameQualifier=\"" . $nameId["SPNameQualifier"] . "\" " . 
-        "Format=\"" .  $nameidformat. "\">" . 
-          $nameid . 
+        "Format=\"" . htmlspecialchars($nameidformat) . "\">" .
+          htmlspecialchars($nameid) .
         "</saml:NameID>" . 
         "<samlp:SessionIndex " .
         "xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\">" . 
-          $sessionindex .
+          htmlspecialchars($sessionindex) .
         "</samlp:SessionIndex>" .
       "</samlp:LogoutRequest>";
 		  
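Review bot: The two commented-out lines for `NameQualifier` and `SPNameQualifier` still interpolate `$nameId[...]` without escaping, so re-enabling them later would reintroduce unescaped values into an element where this commit escapes everything else. Either delete them or update them now, e.g. `//        "NameQualifier=\"" . htmlspecialchars($nameId["NameQualifier"]) . "\" " .`, and likewise for `SPNameQualifier`. The statement that builds the request begins above this hunk.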
diff --git a/lib/SimpleSAML/XML/SAML20/LogoutResponse.php b/lib/SimpleSAML/XML/SAML20/LogoutResponse.php
index 5378c7a0a3281e33192bbb70f3241368ee9cc065..84fe044fcc767df8fb69509354126fc636607465 100644
--- a/lib/SimpleSAML/XML/SAML20/LogoutResponse.php
+++ b/lib/SimpleSAML/XML/SAML20/LogoutResponse.php
@@ -113,14 +113,14 @@ class SimpleSAML_XML_SAML20_LogoutResponse {
 		$destination = $receivermd['SingleLogoutService'];
 		
 		$samlResponse = '<samlp:LogoutResponse  xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
-ID="_' . $id . '" Version="2.0" IssueInstant="' . $issueInstant . '" Destination="'. $destination. '" InResponseTo="' . htmlspecialchars($inresponseto) . '">
-<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">' . $issuer . '</saml:Issuer>
+ID="_' . $id . '" Version="2.0" IssueInstant="' . $issueInstant . '" Destination="'. htmlspecialchars($destination). '" InResponseTo="' . htmlspecialchars($inresponseto) . '">
+<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">' . htmlspecialchars($issuer) . '</saml:Issuer>
 <samlp:Status xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
 <samlp:StatusCode  xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 Value="urn:oasis:names:tc:SAML:2.0:status:Success">
 </samlp:StatusCode>
 <samlp:StatusMessage xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
-Successfully logged out from service ' . $issuer . '
+Successfully logged out from service ' . htmlspecialchars($issuer) . '
 </samlp:StatusMessage>
 </samlp:Status>
 </samlp:LogoutResponse>';