diff --git a/templates/default/includes/header.php b/templates/default/includes/header.php
index 13450be4560c966c0724a6a25f0fd380bfef419e..31f100b513793575d0494d66129af3a2eea06aee 100644
--- a/templates/default/includes/header.php
+++ b/templates/default/includes/header.php
@@ -64,7 +64,7 @@ foreach ($languages AS $lang => $current) {
 	if ($current) {
 		echo $langnames[$lang] . ' | ';
 	} else {
-		echo '<a href="' . SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURL(), 'language=' . $lang) . '">' . 
+		echo '<a href="' . htmlspecialchars(SimpleSAML_Utilities::addURLparameter(SimpleSAML_Utilities::selfURL(), 'language=' . $lang)) . '">' . 
 			$langnames[$lang] . '</a> | ';
 	}
 }
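Review bot: The new `htmlspecialchars()` call around the language link relies on PHP's default flags and charset, which differ between PHP versions (before 8.1 the default `ENT_COMPAT` leaves single quotes unescaped). That is enough here only because the `href` is double-quoted; passing them explicitly, e.g. `htmlspecialchars(SimpleSAML_Utilities::addURLparameter(...), ENT_QUOTES, 'UTF-8')`, keeps the escaping correct if the template's quoting ever changes. `$langnames[$lang]` is still echoed unescaped in both branches; if those names can come from anything other than a static table defined in the template, they should be escaped the same way. The `foreach` loop begins above the hunk, so where `$languages` and `$langnames` come from is not visible here.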