diff --git a/data/web/inc/header.inc.php b/data/web/inc/header.inc.php
index d2ce6f3d0..e5737b63c 100644
--- a/data/web/inc/header.inc.php
+++ b/data/web/inc/header.inc.php
@@ -89,7 +89,7 @@ $globalVariables = [
 'app_links' => $app_links,
 'app_links_processed' => $app_links_processed,
 'is_root_uri' => (parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH) == '/'),
- 'uri' => $_SERVER['REQUEST_URI'],
+ 'uri' => parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH) ?: '/',
 ];
 foreach ($globalVariables as $globalVariableName => $globalVariableValue) {
diff --git a/data/web/inc/twig.inc.php b/data/web/inc/twig.inc.php
index a3bc02d92..c4d0669d9 100644
--- a/data/web/inc/twig.inc.php
+++ b/data/web/inc/twig.inc.php
@@ -13,7 +13,9 @@ $twig = new Environment($loader, [
 // functions
 $twig->addFunction(new TwigFunction('query_string', function (array $params = []) {
- return http_build_query(array_merge($_GET, $params));
+ $allowed = ['lang', 'mobileconfig'];
+ $filtered = array_intersect_key($_GET, array_flip($allowed));
+ return http_build_query(array_merge($filtered, $params));
 }));
 $twig->addFunction(new TwigFunction('is_uri', function (string $uri, string $where = null) {
diff --git a/data/web/templates/base.twig b/data/web/templates/base.twig
index e1708950c..9e20b08a5 100644
--- a/data/web/templates/base.twig
+++ b/data/web/templates/base.twig
@@ -193,7 +193,7 @@ $(window).scroll(function() {
 });
 // Select language and reopen active URL without POST
 function setLang(sel) {
- $.post( '{{ uri }}', {lang: sel} );
+ $.post( '{{ uri|escape("js") }}', {lang: sel} );
 window.location.href = window.location.pathname + window.location.search;
 }
 // FIDO2 functions
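Review bot: The new 'uri' entry repeats the parse_url() call that 'is_root_uri' already makes on the line above, and neither line records that the path component is still client-supplied — parse_url() only splits the URL, it does not sanitize it, so every template that prints `uri` must still escape for its own output context. Hoisting the call into one local keeps the two entries consistent and gives that note a home: `$uriPath = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH) ?: '/'; // client-controlled path, query dropped; escape per output context` followed by `'is_root_uri' => ($uriPath === '/'),` and `'uri' => $uriPath,`. With the `?: '/'` fallback applied once, `===` gives the same result as the existing loose `==` on the is_root_uri line while avoiding its coercion rules. The `$globalVariables` array literal opens before this hunk.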
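Review bot: The allow-list on the first added line carries no comment saying why `$_GET` is no longer reflected wholesale, so the next person who needs another query key has nothing to tell them what the rule is. I would put above `$allowed`: `// Only known query keys are echoed back into generated links; reflecting all of $_GET let any request parameter propagate into every link on the page`, and since the closure does not use `$this` it can be declared with a return type as `$twig->addFunction(new TwigFunction('query_string', static function (array $params = []): string {`. The values under the allowed keys remain client-controlled; http_build_query() percent-encodes them for the URL, but an allowed key submitted as an array is encoded as nested keys rather than rejected, which consumers of the resulting string should expect. The is_uri closure on the last context line continues outside the hunk.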
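Review bot: `escape("js")` on the added line is the right strategy for a single-quoted JavaScript string literal, but the same function already takes the redirect target from `window.location.pathname` on the following line, so the POST target could come from the browser as well and the server-rendered value would not need to enter the script at all: `$.post( window.location.pathname, {lang: sel} );`. That assumes the server-side path and the browser's pathname agree, which seems likely but cannot be confirmed from this hunk. If `uri` must stay, a short template comment such as `{# uri is client-controlled; keep the js escape paired with this quoted literal #}` would keep the escape from being dropped the next time the line is edited.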