diff --git a/core/src/main/java/org/springframework/security/util/TextUtils.java b/core/src/main/java/org/springframework/security/util/TextUtils.java
index f547e9c7bb..f24c635195 100644
--- a/core/src/main/java/org/springframework/security/util/TextUtils.java
+++ b/core/src/main/java/org/springframework/security/util/TextUtils.java
@@ -2,18 +2,22 @@ package org.springframework.security.util;
 /**
  * Utilities for working with Strings and text.
- *
+ *
  * @author Luke Taylor
  * @version $Id$
  */
 public abstract class TextUtils {
 public static String escapeEntities(String s) {
+if (s == null || s.length() == 0) {
+return s;
+}
+
 StringBuffer sb = new StringBuffer();
-
+
 for (int i=0; i < s.length(); i++) {
 char c = s.charAt(i);
-
+
 if(c == '<') {
 sb.append("<");
 } else if (c == '>') {
@@ -26,8 +30,8 @@ public abstract class TextUtils {
 sb.append(c);
 }
 }
-
+
 return sb.toString();
 }
-
+
 }
diff --git a/taglibs/src/main/java/org/springframework/security/taglibs/authz/AuthenticationTag.java b/taglibs/src/main/java/org/springframework/security/taglibs/authz/AuthenticationTag.java
index 613f3adced..79f8a47c03 100644
--- a/taglibs/src/main/java/org/springframework/security/taglibs/authz/AuthenticationTag.java
+++ b/taglibs/src/main/java/org/springframework/security/taglibs/authz/AuthenticationTag.java
@@ -19,6 +19,7 @@ import org.springframework.security.Authentication;
 import org.springframework.security.context.SecurityContext;
 import org.springframework.security.context.SecurityContextHolder;
+import org.springframework.security.util.TextUtils;
 import org.springframework.beans.BeanWrapperImpl;
 import org.springframework.beans.BeansException;
@@ -94,7 +95,7 @@ public class AuthenticationTag extends TagSupport {
 if (auth.getPrincipal() == null) {
 return Tag.EVAL_PAGE;
 }
-
+
 try {
 BeanWrapperImpl wrapper = new BeanWrapperImpl(auth);
 result = wrapper.getPropertyValue(property);
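Review bot: In the `<` branch the hunk shows `sb.append("<")`, which cannot be right as written — appending the same character back is a no-op and the method would not escape at all; this is most likely `&lt;` flattened by the page rendering, but the literal (and the `&gt;` in the following branch) is worth confirming in the committed file. The `else if` chain continues past the hunk's last line, so I cannot see whether `&`, `"` and `'` are also translated; without `&` the output is not well-formed, and without the quotes a value interpolated into an attribute is still injectable. The new guard returns `null` for a `null` argument, which a public utility should state, e.g. `/** Replaces characters significant in HTML with entity references. @param s the text to escape; may be null @return the escaped text, or {@code s} unchanged when it is null or empty */`. Unrelated to behaviour, `StringBuffer` is synchronised for no benefit in a method-local buffer; `StringBuilder` would do if the project targets Java 5 or later.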
@@ -120,7 +121,7 @@ public class AuthenticationTag extends TagSupport {
 }
 }
 } else {
-writeMessage(String.valueOf(result));
+writeMessage(TextUtils.escapeEntities(String.valueOf(result)));
 }
 return EVAL_PAGE;
 }
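Review bot: The escaping on the added `writeMessage(...)` line is unconditional and assumes the tag's output lands in HTML element content; a page that places the tag inside an attribute value or a script block is only protected as far as `escapeEntities` covers quotes and `&`, which this hunk does not show. A short comment would record the intent, e.g. `// principal properties (e.g. the username) originate from user input; entity-escape before writing to the response`. The change also alters visible output for any page that relied on raw values (already-escaped text is now double-encoded), so an `htmlEscape`-style attribute defaulting to true, as other Spring tag libraries provide, may be preferable to a hard-wired call. The enclosing method starts before this hunk, so the branch closed by the three `}` lines at its top should be checked for other paths that write `result` to the response without the same treatment.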