diff --git a/xwiki-platform-core/xwiki-platform-appwithinminutes/xwiki-platform-appwithinminutes-ui/src/main/resources/AppWithinMinutes/DeleteApplication.xml b/xwiki-platform-core/xwiki-platform-appwithinminutes/xwiki-platform-appwithinminutes-ui/src/main/resources/AppWithinMinutes/DeleteApplication.xml
index a753afec57e9..b616181d1754 100644
--- a/xwiki-platform-core/xwiki-platform-appwithinminutes/xwiki-platform-appwithinminutes-ui/src/main/resources/AppWithinMinutes/DeleteApplication.xml
+++ b/xwiki-platform-core/xwiki-platform-appwithinminutes/xwiki-platform-appwithinminutes-ui/src/main/resources/AppWithinMinutes/DeleteApplication.xml
@@ -92,8 +92,9 @@
 'form_token': $services.csrf.token
 })
 #if ("$!request.xredirect" != '')
- #set ($cancelURL = $request.xredirect)
- #set ($confirmParams.xredirect = $cancelURL)
+ #getSanitizedURLAttributeValue('a','href',$request.xredirect,$doc.getURL(),$cancelURL)
+ ## We don't sanitize those parameters as the sanitation will be handled server side.
+ #set ($confirmParams.xredirect = $request.xredirect)
 #end
 #set ($confirmURL = $doc.getURL($xcontext.action, $escapetool.url($confirmParams)))
 {{html}}
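Review bot: The added comment above `#set ($confirmParams.xredirect = $request.xredirect)` says sanitation "will be handled server side" without naming what performs it, so a reader cannot confirm that forwarding the raw request value is safe. `$escapetool.url($confirmParams)` on the following line only URL-encodes the value and does not constrain the redirect target, so the comment should say which component validates it, for example `## Forwarded unsanitized on purpose: only URL-encoded here; the redirect target is validated by <server-side handler, to be named> when the confirmation is processed.` The comment also says "those parameters" although only `xredirect` is set here. Separately, `$cancelURL` is now filled in by `#getSanitizedURLAttributeValue`, apparently with `$doc.getURL()` as the fallback, but the place where it is written into the `{{html}}` block lies after the end of this hunk, so it is worth checking that it is still attribute-escaped at output.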