diff --git a/app/controllers/templates_share_link_controller.rb b/app/controllers/templates_share_link_controller.rb
index 5dfed111..10a6cbde 100644
--- a/app/controllers/templates_share_link_controller.rb
+++ b/app/controllers/templates_share_link_controller.rb
@@ -10,7 +10,7 @@ class TemplatesShareLinkController < ApplicationController
     @template.update!(template_params)
 
-    if params[:redir].present?
+    if params[:redir].present? && params[:redir].start_with?('/')
       redirect_to params[:redir]
     else
       head :ok
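Review bot: The new `start_with?('/')` guard on the `if` line still lets a protocol-relative value such as `//attacker.example/` through, so the open redirect it is meant to close remains open (browsers also normalise `/\host` to `//host`). Rejecting those prefixes in the same condition is enough: `if params[:redir].present? && params[:redir].start_with?('/') && !params[:redir].start_with?('//', '/\\')`. If the app is on Rails 7 or newer, the framework's `url_from(params[:redir])` helper, or `redirect_to params[:redir], allow_other_host: false`, covers these cases without a hand-written prefix check. The hunk header counts seven lines but the hunk appears truncated here, and the enclosing action's `end` is outside the hunk.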