diff --git a/xwiki-platform-core/xwiki-platform-web/xwiki-platform-web-templates/src/main/resources/templates/deletespace.vm b/xwiki-platform-core/xwiki-platform-web/xwiki-platform-web-templates/src/main/resources/templates/deletespace.vm
index 31e4367134cf..653d8434abd5 100644
--- a/xwiki-platform-core/xwiki-platform-web/xwiki-platform-web-templates/src/main/resources/templates/deletespace.vm
+++ b/xwiki-platform-core/xwiki-platform-web/xwiki-platform-web-templates/src/main/resources/templates/deletespace.vm
@@ -29,8 +29,9 @@
 #end
 #set ($cancelURL = $doc.getURL())
 #if ($request.xredirect)
+ ## We don't sanitize this as it will be handled by the server
 #set ($redirectparam = "&xredirect=$escapetool.url($request.xredirect)")
- #set ($cancelURL = $request.xredirect)
+ #getSanitizedURLAttributeValue('a','href',$request.xredirect,$doc.getURL(),$cancelURL)
 #end
 #if ($xwiki.hasRecycleBin())
 #set ($confirmationMessage = $services.localization.render('core.space.recyclebin.confirm', ["${escapetool.xml($doc.space)}"]))
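Review bot: The added comment above `#set ($redirectparam = ...)` says "this" without naming what is left unsanitized, and it sits two lines above the one value that is sanitized, so a later reader could take it as covering `$cancelURL` too. I would word it as `## $redirectparam is only URL-encoded: it is sent back as the xredirect query parameter and the server validates the target before redirecting.` and add `## $cancelURL is rendered as a link, so it must be a safe href value; fall back to the document URL otherwise.` above the `#getSanitizedURLAttributeValue` call. The places where `$cancelURL` and `$redirectparam` are written into the page are outside this hunk. It is worth confirming that `$cancelURL` is still XML-escaped where it is emitted, since the macro presumably validates the URL as an `a`/`href` value and may not escape it for the attribute context.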