diff --git a/url.php b/url.php
index 764b81cb7379..ea61c35dae44 100644
--- a/url.php
+++ b/url.php
@@ -25,11 +25,11 @@
         //  external site.
         echo "<script type='text/javascript'>
                 window.onload=function(){
-                    window.location='" . $_GET['url'] . "';
+                    window.location='" . htmlspecialchars($_GET['url']) . "';
                 }
             </script>";
         // Display redirecting msg on screen.
-        echo __('Taking you to ') . ($_GET['url']);
+        printf(__('Taking you to %s.'), htmlspecialchars($_GET['url']));
     } else {
         header('Location: ' . $cfg['PmaAbsoluteUri']);
     }