diff --git a/app-code/api/login/redirect.php b/app-code/api/login/redirect.php
index de7c840..2e51a91 100644
--- a/app-code/api/login/redirect.php
+++ b/app-code/api/login/redirect.php
@@ -5,7 +5,7 @@ header('Content-Type: application/json');
 include "../utils/get_location.php";
 $send_to=$_SESSION["end_url"];
-
+$send_to = htmlspecialchars(str_replace([':', ';', 'script', 'java','(',')'],'',$send_to));
 include "../../config/config.php";
 $conn = new mysqli($DB_SERVERNAME, $DB_USERNAME, $DB_PASSWORD, $DB_DATABASE);
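Review bot: The added `str_replace` denylist on `$send_to` does not make the redirect target safe: it is a single-pass, case-sensitive substring strip, so differently cased or nested tokens survive it, and nothing restricts the destination to this site. It also corrupts legitimate values (any absolute URL loses its `:`, and a path containing `java` or `script` is rewritten), and `htmlspecialchars` is HTML-context encoding applied in an endpoint that declares `application/json`, so it belongs where the value is rendered rather than here. Validate against an allowlist instead, for example accepting only a same-site path and falling back to a default: `$send_to = (is_string($send_to) && preg_match('#^/[^/\\\\]#', $send_to)) ? $send_to : '/';` (the `'/'` fallback is a placeholder for the app's landing page). How `$send_to` is consumed lies outside this hunk, so the right output encoding should be confirmed at the point of use.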