diff --git a/ui/login/login.html b/ui/login/login.html
index 32787fc91..62b8ffdc8 100644
--- a/ui/login/login.html
+++ b/ui/login/login.html
@@ -44,7 +44,8 @@
         xhr.onerror = function() {
             document.getElementsByClassName("login-error")[0].innerHTML = localeStrings.internal_error;
         };
-        xhr.send("username=" + username + "&password=" + password + "&returnURL=" + returnURL);
+        var body = "username=" + encodeURIComponent(username) + "&password=" + encodeURIComponent(password) + "&returnURL=" + encodeURIComponent(returnURL);
+        xhr.send(body);
     }
 </script>