diff --git a/templates/default/en/post.php b/templates/default/en/post.php
index 2329cdbca7059cb3722bfd793a6c29c399c6e17f..1178985a3416b03f3c91492d48ddd72aaf15a570 100644
--- a/templates/default/en/post.php
+++ b/templates/default/en/post.php
@@ -11,9 +11,9 @@
 		<p><strong>Note:</strong> Since your browser does not support JavaScript, you must press the button below once to proceed.</p> 
 	</noscript> 
 	
-	<form method="post" action="<?php echo $data['destination']; ?>">
-		<input type="hidden" name="SAMLResponse" value="<?php echo $data['response']; ?>" />
-		<input type="hidden" name="<?php echo $data['RelayStateName']; ?>" value="<?php echo $data['RelayState']; ?>">
+	<form method="post" action="<?php echo htmlspecialchars($data['destination']); ?>">
+		<input type="hidden" name="SAMLResponse" value="<?php echo htmlspecialchars($data['response']); ?>" />
+		<input type="hidden" name="<?php echo htmlspecialchars($data['RelayStateName']); ?>" value="<?php echo htmlspecialchars($data['RelayState']); ?>">
 		
 		<noscript>
 			<input type="submit" value="Submit the response to the service" />
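Review bot: The escaping added to the `action` attribute stops attribute breakout but does not constrain the URL itself, so a `$data['destination']` with a non-HTTP scheme such as `javascript:` would still be rendered as the form target. Whether the destination is validated before it reaches this template is not visible in the hunk, so it is worth confirming that the caller only passes an http(s) endpoint taken from trusted metadata. Separately, all four calls rely on the default flags and charset of `htmlspecialchars()`, which vary by PHP version (single quotes are escaped by default only from PHP 8.1) and depend on `default_charset`. The attributes are double-quoted, so this is safe as written, but spelling it out, e.g. `htmlspecialchars($data['RelayState'], ENT_QUOTES, 'UTF-8')`, keeps it safe if the quoting style ever changes. The `<form>` element closes outside the hunk.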