diff --git a/lib/util.php b/lib/util.php
index d2dd28b7da877357bf2b62e7e367eddfcac8e15d..22b327a88c0e9c879d594fb7ae1156b4a7e7f36d 100644
--- a/lib/util.php
+++ b/lib/util.php
@@ -312,7 +312,7 @@ class OC_Util {
 	*/
 	public static function redirectToDefaultPage(){
 		if(isset($_REQUEST['redirect_url'])) {
-			header( 'Location: /'.$_REQUEST['redirect_url']);
+			header( 'Location: /'.htmlentities($_REQUEST['redirect_url']));
 		} else {
 			header( 'Location: '.OC::$WEBROOT.'/'.OC_Appconfig::getValue('core', 'defaultpage', '?app=files'));
 		}
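Review bot: `htmlentities()` on the added `header()` line is HTML-body encoding, which is the wrong tool for a `Location` header: it rewrites `&` in a legitimate query string to `&amp;` and does nothing to constrain where the redirect points. A `redirect_url` that itself starts with `/` or `\` still produces a scheme-relative `//host` target after the hard-coded `/` prefix, so the open redirect this change seems aimed at remains. I would accept the parameter only when it is a string that looks like a same-site relative path with no control characters, and fall back to the configured default page otherwise, as sketched below. The body of `redirectToDefaultPage()` continues past the end of the hunk, so whatever follows the `if`/`else` is not visible here.

```php
$target = (isset($_REQUEST['redirect_url']) && is_string($_REQUEST['redirect_url']))
	? $_REQUEST['redirect_url'] : '';
// Same-site path only: reject a leading slash or backslash (would become "//host")
// and any control character (header splitting on older runtimes).
if($target !== '' && !preg_match('#^[/\\\\]|[\x00-\x1f\x7f]#', $target)) {
	header( 'Location: /'.$target);
} else {
	// … unchanged: redirect to OC::$WEBROOT plus the configured default page …
}
```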