diff --git a/components/ILIAS/LTIConsumer/classes/class.ilLTIConsumeProviderFormGUI.php b/components/ILIAS/LTIConsumer/classes/class.ilLTIConsumeProviderFormGUI.php
index 5b301a467277..fa55b5a42583 100755
--- a/components/ILIAS/LTIConsumer/classes/class.ilLTIConsumeProviderFormGUI.php
+++ b/components/ILIAS/LTIConsumer/classes/class.ilLTIConsumeProviderFormGUI.php
@@ -73,7 +73,7 @@ public function initForm(string $formaction, string $saveCmd, string $cancelCmd)
         }
         $titleInp = new ilTextInputGUI($lng->txt('lti_con_prov_title'), 'title');
-        $titleInp->setValue($this->provider->getTitle());
+        $titleInp->setValue(htmlspecialchars($this->provider->getTitle()));
         $titleInp->setRequired(true);
         $this->addItem($titleInp);
diff --git a/components/ILIAS/LTIConsumer/ltiregstart.php b/components/ILIAS/LTIConsumer/ltiregstart.php
index e6271689e1ed..0084b1b9048a 100755
--- a/components/ILIAS/LTIConsumer/ltiregstart.php
+++ b/components/ILIAS/LTIConsumer/ltiregstart.php
@@ -24,11 +24,8 @@ ilInitialisation::initILIAS();
 global $DIC;
-if (strtoupper($DIC->http()->request()->getMethod()) !== "GET") {
-    $DIC->http()->saveResponse(
-        $DIC->http()->response()
-            ->withStatus(400)
-    );
+if (!$DIC->user()->getId() || $DIC->user()->getId() === ANONYMOUS_USER_ID) {
+    ilObjLTIConsumer::sendResponseError(401, "unauthorized");
 }
 $params = $DIC->http()->wrapper()->query();
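Review bot: Escaping the model value before handing it to `setValue()` is the wrong layer for output encoding: if ilTextInputGUI already HTML-escapes values when it renders the input (which is what a form-element class is expected to do), a title containing `&` or `"` will be double-encoded in the field, and on the next save the submitted, already-escaped string is written back as the provider's title, so the stored data degrades with every edit. If the intent is to fix an unescaped-output issue, the fix belongs in the rendering of ilTextInputGUI, and this line should stay `$titleInp->setValue($this->provider->getTitle());`. If the escaping really must happen here, pass the flags explicitly, `htmlspecialchars($this->provider->getTitle(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, and add a comment naming which consumer renders the value raw, so the next reader does not "fix" the double encoding. initForm continues outside the hunk.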
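Review bot: Nothing in the new guard stops execution after `ilObjLTIConsumer::sendResponseError(401, "unauthorized");` — unless that helper is guaranteed to terminate the request, the script falls through to `$params = $DIC->http()->wrapper()->query();` and processes the registration for the anonymous user exactly as before, only with a 401 status attached; the old code had the same fall-through after `saveResponse()`, so this is a pre-existing gap rather than a regression, but the new branch is the one meant to enforce authentication. Add an explicit `exit;` (or `return`) after the call, or document on sendResponseError that it never returns. Separately, the GET-only check is removed rather than complemented; if a non-GET request to this endpoint was meant to be rejected, keep that 400 branch alongside the new 401 one, and note in the commit message why it is no longer needed if it was intentional. As a point of style, `!$DIC->user()->getId()` relies on truthiness; hoist the id once and compare explicitly, `$userId = $DIC->user()->getId(); if ($userId === 0 || $userId === ANONYMOUS_USER_ID) {`.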