diff --git a/src/AbstractWebApplication.php b/src/AbstractWebApplication.php
index ca207ae1..c30854d7 100644
--- a/src/AbstractWebApplication.php
+++ b/src/AbstractWebApplication.php
@@ -827,6 +827,9 @@ protected function detectRequestUri()
         }
     }
 
+    // Extra cleanup to remove invalid chars in the URL to prevent injections through the Host header
+    $uri = str_replace(array("'", '"', '<', '>'), array('%27', '%22', '%3C', '%3E'), $uri);
+
     return \trim($uri);
 }
 
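Review bot: The new `str_replace` line is a denylist of four characters, so a Host header carrying other bytes that are never valid in a host component (whitespace, backticks, backslashes, control characters, or a second `@`) still reaches the returned URI untouched; an allow-list check on the host before it is spliced into `$uri` closes this more robustly, e.g. falling back to the configured site host when `\preg_match('/^[A-Za-z0-9.\-:\[\]]+$/', $host) !== 1`. The enclosing `detectRequestUri()` starts outside the hunk, so whether the host has already been validated upstream is inferred, not visible. If the encoding step is kept, the comment should say what it does and does not guarantee, e.g. `// Percent-encode quote and angle-bracket characters so a reflected URI cannot break out of an HTML attribute; this is not a substitute for validating the Host header against an allow-list`. Style: `str_replace` is called unqualified while `\trim` on the next line is fully qualified, and the arguments use the long `array()` syntax; `\str_replace(["'", '"', '<', '>'], ['%27', '%22', '%3C', '%3E'], $uri)` keeps the file consistent.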