diff --git a/apps/lib/core/ui_schema/navigation/ui_schema_navigation.dart b/apps/lib/core/ui_schema/navigation/ui_schema_navigation.dart
index 42b8b8a..7281cf6 100644
--- a/apps/lib/core/ui_schema/navigation/ui_schema_navigation.dart
+++ b/apps/lib/core/ui_schema/navigation/ui_schema_navigation.dart
@@ -2,10 +2,20 @@ bool isValidInternalNavigationPath(String path) {
   if (path.isEmpty || !path.startsWith('/')) {
     return false;
   }
+  if (path.contains('%')) {
+    try {
+      if (Uri.decodeComponent(path) != path) {
+        return false;
+      }
+    } catch (_) {
+      return false;
+    }
+  }
   return !path.startsWith('//') &&
       !path.contains('://') &&
       !path.contains('?') &&
       !path.contains('#') &&
+      !path.contains('..') &&
       !path.contains(':');
 }
 
@@ -20,7 +30,7 @@ String buildUiSchemaNavigationTarget({
   for (final entry in params.entries) {
     final value = entry.value;
     if (value is String && value.isNotEmpty) {
-      queryParams[entry.key] = value;
+      queryParams[entry.key] = _sanitizeQueryValue(value);
     } else if (value is num || value is bool) {
       queryParams[entry.key] = value.toString();
     }
@@ -33,3 +43,7 @@ String buildUiSchemaNavigationTarget({
   );
   return targetUri.toString();
 }
+
+String _sanitizeQueryValue(String value) {
+  return value.replaceAll('\n', ' ').replaceAll('\r', '').trim();
+}
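Review bot: The added `if (path.contains('%'))` block is equivalent to rejecting every path that contains `%`, because `Uri.decodeComponent` either throws on a malformed escape or returns a string that differs from its input whenever a valid escape is present, so no percent-encoded path can ever reach the boolean chain below. If forbidding all encoding is the intent, `!path.contains('%') &&` in that chain says so in one line and drops the try/catch; if encoded non-ASCII segments such as `/caf%C3%A9` are meant to be accepted, the check needs to compare against a canonical re-encoding instead. Separately, the chain rejects `//` and `://` but not a backslash, and some browser and URL normalisers treat a leading `/\` like `//`; if this target is ever handed to a web navigator, adding `!path.contains(r'\') &&` closes that gap. The rejected-substring list also treats `..` as a blanket substring rather than a path segment, so a legitimate segment like `/v1..v2` is refused — fine if intentional, but worth a comment. isValidInternalNavigationPath's signature is in the hunk header and its body is shown in full.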
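Review bot: The `value.isNotEmpty` guard on the `if` line is evaluated before `_sanitizeQueryValue` trims, so a whitespace-only string such as `'  '` now produces an empty query parameter instead of being skipped like other empty strings. Sanitize first and test the result: `if (value is String) { final clean = _sanitizeQueryValue(value); if (clean.isNotEmpty) queryParams[entry.key] = clean; }`. buildUiSchemaNavigationTarget starts and ends outside this hunk.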
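Review bot: `_sanitizeQueryValue` has no doc comment, and its contract is easy to misread: LF is replaced by a space while CR is dropped outright, so `'a\r\nb'` becomes `'a b'`, and other control characters (tab, `\u2028`) pass through unchanged. Add `/// Normalises a query value before it is placed in the target URI: LF becomes a space, CR is removed, and leading/trailing whitespace is trimmed; other control characters are left as-is.` I am inferring from the name that the value may be caller- or user-supplied; if so, it is worth stating in the comment that `Uri` still percent-encodes the result, so this helper is a normalisation step rather than the only encoding barrier.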