diff --git a/bbs/login.php b/bbs/login.php
index 43a5b24e5..fccca13f8 100644
--- a/bbs/login.php
+++ b/bbs/login.php
@@ -8,7 +8,6 @@ if( function_exists('social_check_login_before') ){
 $g5['title'] = '로그인';
 include_once('./_head.sub.php');
-$url = isset($_GET['url']) ? strip_tags($_GET['url']) : '';
 $od_id = isset($_POST['od_id']) ? safe_replace_regex($_POST['od_id'], 'od_id') : '';
 // url 체크
diff --git a/bbs/member_confirm.php b/bbs/member_confirm.php
index e3041527e..877d1984f 100644
--- a/bbs/member_confirm.php
+++ b/bbs/member_confirm.php
@@ -4,8 +4,6 @@ include_once('./_common.php');
 if ($is_guest) alert('로그인 한 회원만 접근하실 수 있습니다.', G5_BBS_URL.'/login.php');
-$url = isset($_GET['url']) ? clean_xss_tags($_GET['url']) : '';
-
 while (1) {
     $tmp = preg_replace('/&#[^;]+;/', '', $url);
     if ($tmp == $url) break;
diff --git a/common.php b/common.php
index 3f939ec72..8613a2eb3 100644
--- a/common.php
+++ b/common.php
@@ -505,7 +505,7 @@ if (isset($_REQUEST['bo_table']) && ! is_array($_REQUEST['bo_table'])) {
 // URL ENCODING
 if (isset($_REQUEST['url'])) {
-    $url = strip_tags(trim($_REQUEST['url']));
+    $url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@$\|*\'()\[\]\\x80-\\xff]|i', '', trim($_REQUEST['url']));
     $urlencode = urlencode($url);
 } else {
     $url = '';
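Review bot: With the local assignment deleted, login.php now reads a `$url` that is assigned in common.php from `$_REQUEST['url']` (the third hunk), so the value is no longer limited to `$_GET` as it was here — a `url` field sent in a POST body now also reaches the `// url 체크` logic that follows, outside this hunk, and the sanitizer changes from `strip_tags` to common.php's character allowlist. The same implicit cross-file dependency applies to the member_confirm.php hunk, whose `while (1)` loop now consumes common.php's `$url`. A short comment above `$od_id` would make the source explicit: `// $url is assigned in common.php from $_REQUEST['url'] (character allowlist applied there)`. It appears common.php is reached through `_head.sub.php` / `_common.php`, but that include chain is not visible in the diff, so the assumption that `$url` is always defined here should be confirmed.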
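Review bot: The new `preg_replace` in common.php returns `null` on a PCRE error, so `$url` can become `null` rather than a string before it reaches `urlencode($url)` on the next line; `$url = preg_replace(..., trim($_REQUEST['url'])) ?? '';` keeps the string contract the `else` branch establishes. The allowlist still admits `'`, `(`, `)`, `:`, `/` and `@`, so this is a filter against tag/attribute breakout in double-quoted HTML, not a validation of `$url` as a redirect target, and a value echoed into a single-quoted attribute or a JS context still needs output-side escaping; callers that redirect to `$url` still need their own scheme/host check (login.php's `// url 체크` block, outside this diff, may be where that happens). A one-line comment stating that intent would help, e.g. `// character allowlist: drops < > " \ whitespace and control bytes; does NOT validate $url as a same-site redirect target`. The hyphen in `0-9-~` sits directly after a range and appears intended as a literal; writing it as `\-` removes the ambiguity.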