diff --git a/pam_login.cgi b/pam_login.cgi
index b859f9fa1..e0d139021 100755
--- a/pam_login.cgi
+++ b/pam_login.cgi
@@ -32,6 +32,7 @@ if ($gconfig{'loginbanner'} && $ENV{'HTTP_COOKIE'} !~ /banner=1/ &&
 print "Set-Cookie: banner=1; path=/\r\n";
 &PrintHeader();
 $url = $in{'page'};
+ $url = &filter_javascript($url);
 open(BANNER, "<$gconfig{'loginbanner'}");
 while() {
 s/LOGINURL/$url/g;
diff --git a/session_login.cgi b/session_login.cgi
index 1a9ac5fbf..ec7851bdf 100755
--- a/session_login.cgi
+++ b/session_login.cgi
@@ -40,6 +40,7 @@ if ($gconfig{'loginbanner'} && $ENV{'HTTP_COOKIE'} !~ /banner=1/ &&
 print "Set-Cookie: banner=1; path=/".$sec."\r\n";
 &PrintHeader();
 $url = $in{'page'};
+ $url = &filter_javascript($url);
 open(BANNER, "<$gconfig{'loginbanner'}");
 while() {
 s/LOGINURL/$url/g;
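Review bot: The added `$url = &filter_javascript($url);` appears to remove script constructs rather than encode the value for the HTML context where `s/LOGINURL/$url/g` writes it into the banner, so a `page` value containing quotes or angle brackets may still alter the markup if the banner uses LOGINURL inside an attribute. `filter_javascript` is defined outside this diff, so that is an inference about its behaviour; if it is a removal-based filter, escaping at the point of output is the more reliable control, for example `$url = &html_escape(&filter_javascript($url));`, assuming Webmin's `html_escape` helper is loaded in these scripts. It would also be worth rejecting a `page` that is not a site-relative path, because the banner otherwise renders a link to whatever destination the request supplied. The same applies to the identical hunk in session_login.cgi; in both files the enclosing `if` block starts and ends outside the hunk.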