diff --git a/lib/Saml2/AuthnRequest.php b/lib/Saml2/AuthnRequest.php
index c112a400..86fbe494 100644
--- a/lib/Saml2/AuthnRequest.php
+++ b/lib/Saml2/AuthnRequest.php
@@ -133,7 +133,7 @@ public function __construct(OneLogin_Saml2_Settings $settings, $forceAuthn = fal
 
         $spEntityId = htmlspecialchars($spData['entityId'], ENT_QUOTES);
         $acsUrl = htmlspecialchars($spData['assertionConsumerService']['url'], ENT_QUOTES);
-        $destination = $this->_settings->getIdPSSOUrl();
+        $destination = htmlspecialchars($this->_settings->getIdPSSOUrl(), ENT_QUOTES);
         $request = <<<AUTHNREQUEST
 <samlp:AuthnRequest
     xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
diff --git a/lib/Saml2/LogoutRequest.php b/lib/Saml2/LogoutRequest.php
index 5865c8a6..761f0286 100644
--- a/lib/Saml2/LogoutRequest.php
+++ b/lib/Saml2/LogoutRequest.php
@@ -106,7 +106,7 @@ public function __construct(OneLogin_Saml2_Settings $settings, $request = null,
             $sessionIndexStr = isset($sessionIndex) ? "<samlp:SessionIndex>{$sessionIndex}</samlp:SessionIndex>" : "";
 
             $spEntityId = htmlspecialchars($spData['entityId'], ENT_QUOTES);
-            $destination = $this->_settings->getIdPSLOUrl();
+            $destination = htmlspecialchars($this->_settings->getIdPSLOUrl(), ENT_QUOTES);
             $logoutRequest = <<<LOGOUTREQUEST
 <samlp:LogoutRequest
     xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
diff --git a/lib/Saml2/LogoutResponse.php b/lib/Saml2/LogoutResponse.php
index 21c1adad..4a64705b 100644
--- a/lib/Saml2/LogoutResponse.php
+++ b/lib/Saml2/LogoutResponse.php
@@ -240,7 +240,7 @@ public function build($inResponseTo)
         $issueInstant = OneLogin_Saml2_Utils::parseTime2SAML(time());
 
         $spEntityId = htmlspecialchars($spData['entityId'], ENT_QUOTES);
-        $destination = $this->_settings->getIdPSLOResponseUrl();
+        $destination = htmlspecialchars($this->_settings->getIdPSLOResponseUrl(), ENT_QUOTES);
         $logoutResponse = <<<LOGOUTRESPONSE
 <samlp:LogoutResponse xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                   xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"