diff --git a/backend/report_submission/views.py b/backend/report_submission/views.py
index 7126e2c379..9a74ac1f32 100644
--- a/backend/report_submission/views.py
+++ b/backend/report_submission/views.py
@@ -120,7 +120,9 @@ def post(self, request):
         report_id = result.get("report_id")
 
         if report_id:
-            return redirect(f"/report_submission/general-information/{report_id}")
+            return Util.validate_redirect_url(
+                f"/report_submission/general-information/{report_id}"
+            )
         else:
             return render(
                 request, "report_submission/step-3.html", context=result, status=400
@@ -233,7 +235,7 @@ def post(self, request, *args, **kwargs):
                 event_type=SubmissionEvent.EventType.GENERAL_INFORMATION_UPDATED,
             )
 
-            return redirect(f"/audit/submission-progress/{report_id}")
+            return Util.validate_redirect_url(f"/audit/submission-progress/{report_id}")
         except SingleAuditChecklist.DoesNotExist as err:
             raise PermissionDenied("You do not have access to this audit.") from err
         except ValidationError as err:
@@ -493,7 +495,7 @@ def post(self, request, *args, **kwargs):
         report_id = kwargs["report_id"]
 
         try:
-            return redirect(
+            return Util.validate_redirect_url(
                 "/audit/submission-progress/{report_id}".format(report_id=report_id)
             )