diff --git a/app/controllers/static_controller.rb b/app/controllers/static_controller.rb
index 031df4706..24029a9a1 100644
--- a/app/controllers/static_controller.rb
+++ b/app/controllers/static_controller.rb
@@ -4,7 +4,8 @@ class StaticController < ApplicationController
 def accept_terms_of_service
 cookies.permanent[:accepted_tos] = "1"
- redirect_to(params[:url] || posts_path)
+ url = params[:url] if params[:url].start_with? '/'
+ redirect_to(url || posts_path)
 end
 def error
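Review bot: The added guard `params[:url].start_with? '/'` raises NoMethodError when the `url` parameter is absent (nil) or arrives as an array or hash, so the `posts_path` fallback that the old line provided is never reached and the request fails instead. The prefix test also still accepts protocol-relative values such as `//host` (and `/\host`, which some browsers treat the same way), so the redirect can still leave the site. I would coerce and tighten the check: `url = params[:url].to_s` followed by `url = nil unless url.start_with?('/') && !url.start_with?('//', '/\\')`, keeping `redirect_to(url || posts_path)` as is. A controller test covering a missing `url`, a `//host` value and an ordinary `/path` would pin this behaviour down.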