diff --git a/openid-connect-server-webapp/src/main/webapp/WEB-INF/tags/header.tag b/openid-connect-server-webapp/src/main/webapp/WEB-INF/tags/header.tag
index f4b4430cf9..ce8c64f160 100644
--- a/openid-connect-server-webapp/src/main/webapp/WEB-INF/tags/header.tag
+++ b/openid-connect-server-webapp/src/main/webapp/WEB-INF/tags/header.tag
@@ -55,7 +55,7 @@
 // get the info of the current user, if available (null otherwise)
 function getUserInfo() {
- return ${userInfoJson};
+ return ${fn:escapeXml(userInfoJson)};
 }
 // get the authorities of the current user, if available (null otherwise)
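Review bot: `fn:escapeXml` applies HTML entity encoding, but the `return ${fn:escapeXml(userInfoJson)};` line in getUserInfo() is JavaScript, presumably inside a `<script>` element that opens outside the hunk, where the browser does not decode entities. Every `"` in the JSON would be emitted as `&#034;`, so a non-null userInfoJson no longer parses as an object literal and the script block would fail with a syntax error; the change blocks a `</script>` breakout at the cost of breaking the function. Encode for the actual context instead: either have the server serialize the JSON with `<`, `>`, `&`, U+2028 and U+2029 written as `\uXXXX` escapes, or emit the escaped value into an HTML attribute (where `escapeXml` is the right encoder) and read it back with `JSON.parse`. Also confirm that the `fn` taglib is declared in header.tag, which the hunk does not show.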