diff --git a/src/main/java/org/jitsi/jicofo/auth/ShibbolethHandler.java b/src/main/java/org/jitsi/jicofo/auth/ShibbolethHandler.java
index 195ef2ebfc..976e8de4e7 100644
--- a/src/main/java/org/jitsi/jicofo/auth/ShibbolethHandler.java
+++ b/src/main/java/org/jitsi/jicofo/auth/ShibbolethHandler.java
@@ -17,6 +17,7 @@
  */
 package org.jitsi.jicofo.auth;
 
+import com.google.common.html.*;
 import org.eclipse.jetty.server.*;
 import org.eclipse.jetty.server.handler.*;
 
@@ -240,7 +241,7 @@ private void doHandle(
         boolean close = "true".equalsIgnoreCase(request.getParameter("close"));
 
         responseWriter.println("<html><head><head/><body>");
-        responseWriter.println("<h1>Hello " + displayName + "!<h1/>");
+        responseWriter.println("<h1>Hello " + HtmlEscapers.htmlEscaper().escape(displayName) + "!<h1/>");
         if (!close)
         {
             responseWriter.println(