diff --git a/library/Class/Xml/Builder.php b/library/Class/Xml/Builder.php
index 6ed15d5a4767c9b00c46dcd022957f6809d3b733..afb735f95c6d8707831cd098b37a9e17e516f428 100644
--- a/library/Class/Xml/Builder.php
+++ b/library/Class/Xml/Builder.php
@@ -54,7 +54,7 @@ class Class_Xml_Builder {
 	public function attributesToString($attributes) {
 		$attribs = '';
 		foreach ($attributes as $k => $v)
-			$attribs .= ' ' . $k . '="' . $v . '"';
+			$attribs .= ' ' . $k . '="' . htmlentities($v, ENT_COMPAT|ENT_XML1) . '"';
 		return $attribs;
 	}
 
diff --git a/tests/application/modules/opac/controllers/OAIControllerGetRecordTest.php b/tests/application/modules/opac/controllers/OAIControllerGetRecordTest.php
index 9039fd5d51862998f7830ae6bf9db91dd40efb4c..ae4a6b4a4611385ae0db3deb9917974913689f05 100644
--- a/tests/application/modules/opac/controllers/OAIControllerGetRecordTest.php
+++ b/tests/application/modules/opac/controllers/OAIControllerGetRecordTest.php
@@ -34,6 +34,8 @@ abstract class OAIControllerGetRecordTestCase extends AbstractControllerTestCase
 }
 
 
+
+
 class OAIControllerGetRecordNoIdentifierTest extends OAIControllerGetRecordTestCase {
 	public function setUp() {
 		parent::setUp();
@@ -57,6 +59,8 @@ class OAIControllerGetRecordNoIdentifierTest extends OAIControllerGetRecordTestC
 }
 
 
+
+
 class OAIControllerGetRecordNoMetadataPrefixTest extends OAIControllerGetRecordTestCase {
 	public function setUp() {
 		parent::setUp();
@@ -81,6 +85,7 @@ class OAIControllerGetRecordNoMetadataPrefixTest extends OAIControllerGetRecordT
 
 
 
+
 class OAIControllerGetRecordNotFoundParamsTest extends OAIControllerGetRecordTestCase {
 	public function setUp() {
 		parent::setUp();
@@ -90,7 +95,7 @@ class OAIControllerGetRecordNotFoundParamsTest extends OAIControllerGetRecordTes
 			->with('harrypotter-sorciers')
 			->answers(null);
 
-		$this->dispatch('/opac/oai/request?verb=GetRecord&metadataPrefix=oai_dc&identifier=harrypotter-sorciers', true);
+		$this->dispatch('/opac/oai/request?verb=GetRecord&metadataPrefix=oai_dc&identifier=harrypotter-sorciers\"id', true);
 		$this->_xml = $this->_response->getBody();
 	}
 
@@ -98,7 +103,7 @@ class OAIControllerGetRecordNotFoundParamsTest extends OAIControllerGetRecordTes
 	/** @test */
 	public function requestVerbShouldBeGetRecord() {
 		$this->_xpath->assertXpath($this->_xml,
-															 '//oai:request[@verb="GetRecord"][@identifier="harrypotter-sorciers"][@metadataPrefix="oai_dc"]');
+															 '//oai:request[@verb="GetRecord"][contains(@identifier, "harrypotter-sorciers")][@metadataPrefix="oai_dc"]');
 	}
 
 
@@ -110,6 +115,8 @@ class OAIControllerGetRecordNotFoundParamsTest extends OAIControllerGetRecordTes
 }
 
 
+
+
 class OAIControllerGetRecordNotSupportedPrefixTest extends OAIControllerGetRecordTestCase {
 	public function setUp() {
 		parent::setUp();
@@ -143,6 +150,8 @@ class OAIControllerGetRecordNotSupportedPrefixTest extends OAIControllerGetRecor
 }
 
 
+
+
 class OAIControllerGetRecordValidParamsTest extends OAIControllerGetRecordTestCase {
 	public function setUp() {
 		parent::setUp();
@@ -212,5 +221,4 @@ class OAIControllerGetRecordValidParamsTest extends OAIControllerGetRecordTestCa
 																		self::OAI_RECORD_PATH . 'oai:metadata',
 																		1);
 	}
-
 }
\ No newline at end of file