diff --git a/core/Controller.php b/core/Controller.php
index 85d333fd435912a76d72d6ee40b26fad2efad4d5..0c625bde6e5b6a8ec90717fa423414fff6a9c20a 100644
--- a/core/Controller.php
+++ b/core/Controller.php
@@ -521,8 +521,9 @@ abstract class Piwik_Controller
 			$invalidUrl = Piwik_Url::getCurrentUrlWithoutQueryString($checkIfTrusted = false);
 			$validUrl = Piwik_Url::getCurrentScheme() . '://' . $validHost
 					  . Piwik_Url::getCurrentScriptName();
+            $invalidUrl = Piwik_Common::sanitizeInputValue($invalidUrl);
+            $validUrl = Piwik_Common::sanitizeInputValue($validUrl);
 
-			$validLink = "<a href=\"$validUrl\">$validUrl</a>";
 			$changeTrustedHostsUrl = "index.php"
 				. Piwik_Url::getCurrentQueryStringWithParametersModified(array(
 					'module' => 'CoreAdminHome',