diff --git a/actionpack/lib/action_controller/metal/redirecting.rb b/actionpack/lib/action_controller/metal/redirecting.rb
index f26e524bbc299..3a0716a71fb59 100644
--- a/actionpack/lib/action_controller/metal/redirecting.rb
+++ b/actionpack/lib/action_controller/metal/redirecting.rb
@@ -64,6 +64,7 @@ module Redirecting
     # behavior for this case by rescuing ActionController::RedirectBackError.
     def redirect_to(options = {}, response_status = {}) #:doc:
       raise ActionControllerError.new("Cannot redirect to nil!") unless options
+      raise ActionControllerError.new("Cannot redirect to a parameter hash!") if options.is_a?(ActionController::Parameters)
       raise AbstractController::DoubleRenderError if response_body
 
       self.status        = _extract_redirect_to_status(options, response_status)
diff --git a/actionpack/test/controller/redirect_test.rb b/actionpack/test/controller/redirect_test.rb
index 4331333b9860d..103ca9c77606d 100644
--- a/actionpack/test/controller/redirect_test.rb
+++ b/actionpack/test/controller/redirect_test.rb
@@ -90,6 +90,10 @@ def redirect_to_nil
     redirect_to nil
   end
 
+  def redirect_to_params
+    redirect_to ActionController::Parameters.new(status: 200, protocol: 'javascript', f: '%0Aeval(name)')
+  end
+
   def redirect_to_with_block
     redirect_to proc { "http://www.rubyonrails.org/" }
   end
@@ -281,6 +285,12 @@ def test_redirect_to_nil
     end
   end
 
+  def test_redirect_to_params
+    assert_raise(ActionController::ActionControllerError) do
+      get :redirect_to_params
+    end
+  end
+
   def test_redirect_to_with_block
     get :redirect_to_with_block
     assert_response :redirect