diff --git a/modules/openid/templates/consumer.php b/modules/openid/templates/consumer.php
index 8a709ce06c8092beef4e74a3e2bccdc3f108eccf..48493479086cf3eae16b294148f122d34725856b 100644
--- a/modules/openid/templates/consumer.php
+++ b/modules/openid/templates/consumer.php
@@ -50,7 +50,7 @@ div.error {
 			Identity&nbsp;URL:
 			<input type="hidden" name="action" value="verify" />
 			<input id="openid-identifier" class="openid-identifier" type="text" name="openid_url" value="http://" />
-			<input type="hidden" name="AuthState" value="<?php echo $this->data['AuthState']; ?>" />
+			<input type="hidden" name="AuthState" value="<?php echo htmlspecialchars($this->data['AuthState']); ?>" />
 			<input type="submit" value="Login with OpenID" />
 		</fieldset>
 	</form>