diff --git a/modules/adfs/lib/IdP/ADFS.php b/modules/adfs/lib/IdP/ADFS.php
index 8187aff89c12ad28206e9d0a22f1cba0e49e66c5..5ed65c3284195ba757409dffc7bd449132883bf7 100644
--- a/modules/adfs/lib/IdP/ADFS.php
+++ b/modules/adfs/lib/IdP/ADFS.php
@@ -131,24 +131,13 @@ MSG;
 
     private static function postResponse($url, $wresult, $wctx)
     {
-        $wresult = htmlspecialchars($wresult);
-        $wctx = htmlspecialchars($wctx);
-
-        $post = <<<MSG
-    <body onload="document.forms[0].submit()">
-        <form method="post" action="$url">
-            <input type="hidden" name="wa" value="wsignin1.0">
-            <input type="hidden" name="wresult" value="$wresult">
-            <input type="hidden" name="wctx" value="$wctx">
-            <noscript>
-                <input type="submit" value="Continue">
-            </noscript>
-        </form>
-    </body>
-MSG;
-
-        echo $post;
-        exit;
+        $config = \SimpleSAML\Configuration::getInstance();
+        $t = new \SimpleSAML\XHTML\Template($config, 'adfs:postResponse.twig');
+        $t->data['baseurlpath'] = \SimpleSAML\Module::getModuleUrl('adfs');
+        $t->data['url'] = $url;
+        $t->data['wresult'] = $wresult;
+        $t->data['wctx'] = $wctx;
+        $t->show();
     }
 
     public static function sendResponse(array $state)
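Review bot: The removed `exit;` has no counterpart after `$t->show();`, so unless `Template::show()` terminates the request (not visible in this hunk) control now returns to the caller of `postResponse()`. Anything the caller emits afterwards would be appended to the auto-submitting page that carries the signed `wresult`. I would either add `exit;` after `$t->show();` or state in a docblock that the method returns and callers must not produce further output. A short docblock would also help, for example `/** Renders the auto-submitting WS-Federation POST form; $wresult and $wctx are passed raw and escaped in adfs:postResponse.twig. */`, since the escaping that used to be visible in this method now lives in the template.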
diff --git a/modules/adfs/templates/postResponse.twig b/modules/adfs/templates/postResponse.twig
new file mode 100644
index 0000000000000000000000000000000000000000..857aa8d7ab6fcd28e21630ea84031a22452840a4
--- /dev/null
+++ b/modules/adfs/templates/postResponse.twig
@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+<html>
+    <head>
+        <script src="{{ baseurlpath }}/assets/js/postResponse.js"></script>
+    </head>
+    <body>
+        <form method="post" action="{{ url }}">
+            <input type="hidden" name="wa" value="wsignin1.0">
+            <input type="hidden" name="wresult" value="{{ wresult|escape('html') }}">
+            <input type="hidden" name="wctx" value="{{ wctx|escape('html') }}">
+            <noscript>
+                <input type="submit" value="Continue">
+            </noscript>
+        </form>
+    </body>
+</html>
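Review bot: The `<script src>` on the fourth line of the template requests `assets/js/postResponse.js`, but the file added by this commit is `modules/adfs/www/assets/js/postReponse.js` (missing "s"), so the script would not load and the form would never auto-submit. Because the Continue button sits inside `<noscript>`, a browser with JavaScript enabled would be left on an empty page with no way to proceed; renaming the asset to `postResponse.js` fixes both sides. Separately, `action="{{ url }}"` and `{{ baseurlpath }}` rely on the environment's autoescaping while `wresult` and `wctx` are escaped explicitly. If autoescape is not guaranteed for this template, write `action="{{ url|escape('html') }}"` so all attribute values are handled the same way.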
diff --git a/modules/adfs/www/assets/js/postReponse.js b/modules/adfs/www/assets/js/postReponse.js
new file mode 100644
index 0000000000000000000000000000000000000000..a813b92cbec83b7ac265163431ac1f0d7d5f00e3
--- /dev/null
+++ b/modules/adfs/www/assets/js/postReponse.js
@@ -0,0 +1,3 @@
+document.addEventListener('DOMContentLoaded', function () {
+    document.forms[0].submit();
+});