diff --git a/src/SimpleSAML/XHTML/IdPDisco.php b/src/SimpleSAML/XHTML/IdPDisco.php
index d141f48d212e06ca8b42b288212c664570193142..818daad967db7a1c2b96ffdbf64307e3541f31ad 100644
--- a/src/SimpleSAML/XHTML/IdPDisco.php
+++ b/src/SimpleSAML/XHTML/IdPDisco.php
@@ -18,7 +18,6 @@ use function array_intersect;
use function array_key_exists;
use function array_keys;
use function array_merge;
-use function htmlspecialchars;
use function preg_match;
use function sizeof;
use function strcasecmp;
@@ -631,7 +630,7 @@ class IdPDisco
$t->data['return'] = $this->returnURL;
$t->data['returnIDParam'] = $this->returnIdParam;
$t->data['entityID'] = $this->spEntityId;
- $t->data['urlpattern'] = htmlspecialchars($httpUtils->getSelfURLNoQuery());
+ $t->data['urlpattern'] = $httpUtils->getSelfURLNoQuery();
$t->data['rememberenabled'] = $this->config->getOptionalBoolean('idpdisco.enableremember', false);
$t->data['rememberchecked'] = $this->config->getOptionalBoolean('idpdisco.rememberchecked', false);
$t->send();
diff --git a/src/SimpleSAML/XHTML/Template.php b/src/SimpleSAML/XHTML/Template.php
index 5cfb6c86ba1b9b99af94f60e8065bcc3027365c0..149ccb0c4d8fd2ac099dbb0b2c56fe6cf69cba56 100644
--- a/src/SimpleSAML/XHTML/Template.php
+++ b/src/SimpleSAML/XHTML/Template.php
@@ -39,7 +39,6 @@ use function count;
use function date;
use function explode;
use function hash;
-use function htmlspecialchars;
use function in_array;
use function is_null;
use function key;
@@ -476,10 +475,10 @@ class Template extends Response
$url = false;
if (!$current) {
$httpUtils = new Utils\HTTP();
- $url = htmlspecialchars($httpUtils->addURLParameters(
+ $url = $httpUtils->addURLParameters(
'',
[$parameterName => $lang]
- ));
+ );
}
$langmap[$lang] = [
'name' => $langname,