diff --git a/services/web/app/src/Features/Helpers/UrlHelper.js b/services/web/app/src/Features/Helpers/UrlHelper.js
index c059914feb..581b0fc3be 100644
--- a/services/web/app/src/Features/Helpers/UrlHelper.js
+++ b/services/web/app/src/Features/Helpers/UrlHelper.js
@@ -4,7 +4,7 @@ const { URL } = require('url')
 function getSafeRedirectPath(value) {
   const baseURL = Settings.siteUrl // base URL is required to construct URL from path
   const url = new URL(value, baseURL)
-  let safePath = `${url.pathname}${url.search}${url.hash}`
+  let safePath = `${url.pathname}${url.search}${url.hash}`.replace(/^\/+/, '/')
   if (safePath === '/') {
     safePath = undefined
   }
diff --git a/services/web/test/unit/src/HelperFiles/UrlHelperTests.js b/services/web/test/unit/src/HelperFiles/UrlHelperTests.js
index 4c82f5f0c4..d52cad5774 100644
--- a/services/web/test/unit/src/HelperFiles/UrlHelperTests.js
+++ b/services/web/test/unit/src/HelperFiles/UrlHelperTests.js
@@ -27,6 +27,10 @@ describe('UrlHelper', function() {
         '/%2F%2Fevil.com'
       )
 
+      expect(
+        this.UrlHelper.getSafeRedirectPath('http://foo.com//evil.com/bad')
+      ).to.equal('/evil.com/bad')
+
       return expect(this.UrlHelper.getSafeRedirectPath('.evil.com')).to.equal(
         '/.evil.com'
       )
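Review bot: The new `.replace(/^\/+/, '/')` on the `safePath` line is a security control with no explanation of what it defends against, so a later cleanup could drop it as redundant; add a comment such as `// collapse leading slashes: a path starting with '//' is a protocol-relative URL and would redirect the browser off-site`. The check is also only as strong as the assumption that `url.pathname` starts with '/'; for a non-special scheme (e.g. `mailto:`) the WHATWG parser yields a pathname with no leading slash, so the result would not be a site-relative path at all, and a guard like `if (!safePath.startsWith('/')) safePath = undefined` placed before the existing `=== '/'` check would make the contract explicit (please confirm against the rest of the function). getSafeRedirectPath's body continues past the end of the hunk, so the eventual return is not visible here.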
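Review bot: The new expectation pins only the two-slash form `http://foo.com//evil.com/bad`, while the regex uses `+`, so a three-slash input and a backslash variant (which the WHATWG parser normalises to '/' in the path) are what would actually exercise the quantifier and the normalisation the fix relies on; consider adding one assertion for each alongside this one, e.g. `expect(this.UrlHelper.getSafeRedirectPath('///evil.com/bad')).to.equal('/evil.com/bad')`. The surrounding `it` block starts before the hunk.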