diff --git a/frappe/templates/includes/login/login.js b/frappe/templates/includes/login/login.js
index 74d6337f74..24b3399097 100644
--- a/frappe/templates/includes/login/login.js
+++ b/frappe/templates/includes/login/login.js
@@ -183,7 +183,7 @@ login.login_handlers = (function() {
 login.set_indicator('{{ _("Success") }}', 'green');
 window.location.href = frappe.utils.sanitise_redirect(frappe.utils.get_url_arg("redirect-to")) || data.home_page;
 } else if(data.message == 'Password Reset'){
- window.location.href = data.redirect_to;
+ window.location.href = frappe.utils.sanitise_redirect(data.redirect_to);
 } else if(data.message=="No App") {
 login.set_indicator("{{ _("Success") }}", 'green');
 if(localStorage) {
@@ -194,7 +194,7 @@ login.login_handlers = (function() {
 }
 if(data.redirect_to) {
- window.location.href = data.redirect_to;
+ window.location.href = frappe.utils.sanitise_redirect(data.redirect_to);
 }
 if(last_visited && last_visited != "/login") {
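Review bot: Neither changed assignment handles a rejected target: the context line in the first hunk uses `frappe.utils.sanitise_redirect(...) || data.home_page`, which suggests the helper can return a falsy value, yet the 'Password Reset' branch and the `if(data.redirect_to)` block in the second hunk assign its result to `window.location.href` directly. In the second hunk the guard still tests the raw `data.redirect_to`, so a value the sanitiser rejects would pass the check and then navigate to an empty or `undefined` location. I would sanitise once and test the result, `const target = frappe.utils.sanitise_redirect(data.redirect_to);` then `if(target) { window.location.href = target; }`, and give the 'Password Reset' branch an explicit fallback such as `|| data.home_page`. The helper is not visible here, so what it accepts should be confirmed, and since `redirect_to` arrives in the server response it is worth validating where it is produced as well as on the client. The enclosing handler starts and ends outside both hunks.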