diff --git a/lib/controllers/login.js b/lib/controllers/login.js
index 0c932ba8..0e3cb79f 100644
--- a/lib/controllers/login.js
+++ b/lib/controllers/login.js
@@ -81,7 +81,7 @@ module.exports = function (req, res, next) {
       },
       'text/html': function () {
         var nextUri = url.parse(req.query.next || '').path;
-        var formActionUri = (config.web.login.uri + (nextUri ? ('?next=' + nextUri) : ''));
+        var formActionUri = (config.web.login.uri + (nextUri ? ('?next=' + encodeURIComponent(nextUri)) : ''));
 
         if (req.user && config.web.login.enabled) {
           var nextUrl = nextUri || config.web.login.nextUri;