diff --git a/src/Umbraco.Web.UI.Client/src/views/common/legacy.controller.js b/src/Umbraco.Web.UI.Client/src/views/common/legacy.controller.js
index bf6bc287df..8e58535c74 100644
--- a/src/Umbraco.Web.UI.Client/src/views/common/legacy.controller.js
+++ b/src/Umbraco.Web.UI.Client/src/views/common/legacy.controller.js
@@ -9,13 +9,26 @@
 */
 function LegacyController($scope, $routeParams, $element) {
- var url = decodeURIComponent($routeParams.url.toLowerCase().trimStart("javascript:"));
- var toClean = "*(){}[];:<>\\|'\"";
- for (var i = 0; i < toClean.length; i++) {
- var reg = new RegExp("\\" + toClean[i], "g");
- url = url.replace(reg, "");
+ var url = decodeURIComponent($routeParams.url.toLowerCase().replace(/javascript\:/g, ""));
+ //split into path and query
+ var urlParts = url.split("?");
+ var extIndex = urlParts[0].lastIndexOf(".");
+ var ext = extIndex === -1 ? "" : urlParts[0].substr(extIndex);
+ //path cannot be a js file
+ if (ext !== ".js" || ext === "") {
+ //path cannot contain any of these chars
+ var toClean = "*(){}[];:<>\\|'\"";
+ for (var i = 0; i < toClean.length; i++) {
+ var reg = new RegExp("\\" + toClean[i], "g");
+ urlParts[0] = urlParts[0].replace(reg, "");
+ }
+ //join cleaned path and query back together
+ url = urlParts[0] + (urlParts.length === 1 ? "" : ("?" + urlParts[1]));
+ $scope.legacyPath = url;
+ }
+ else {
+ throw "Invalid url";
 }
- $scope.legacyPath = url;
 }
 angular.module("umbraco").controller('Umbraco.LegacyController', LegacyController);
\ No newline at end of file
diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/developer/Packages/installer.aspx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/developer/Packages/installer.aspx.cs
index 351015ddd8..6c75ab0e6e 100644
--- a/src/Umbraco.Web/umbraco.presentation/umbraco/developer/Packages/installer.aspx.cs
+++ b/src/Umbraco.Web/umbraco.presentation/umbraco/developer/Packages/installer.aspx.cs
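Review bot: In `LegacyController` (legacy.controller.js) the `.js` extension test runs before the strip loop, so the path that is checked is not the path that ends up in `$scope.legacyPath`; removing characters afterwards can change what the path's extension is. Run the loop first and test the cleaned path: `var ext = extIndex === -1 ? "" : urlParts[0].substr(extIndex);` followed by `if (ext === ".js") { throw new Error("Invalid url"); }` (the `|| ext === ""` clause is redundant, and throwing an `Error` instead of a string keeps the stack trace). The query part `urlParts[1]` is now rejoined with no cleaning at all, and `split("?")` silently drops anything after a second `?`, so whatever consumes `legacyPath` has to treat the query as untrusted. The `javascript:` removal is also applied before `decodeURIComponent`, so it only sees the still-encoded text; the decoded path relies on the `:` strip instead, which is worth stating in a comment.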
@@ -220,7 +220,7 @@ namespace umbraco.presentation.developer.packages
 var packageId = 0;
 int.TryParse(Request.GetItemAsString("pId"), out packageId);
- switch (currentStep)
+ switch (currentStep.ToLowerInvariant())
 {
 case "businesslogic":
 //first load in the config from the temporary directory
@@ -241,7 +241,7 @@ namespace umbraco.presentation.developer.packages
 Response.Redirect("installer.aspx?installing=refresh&dir=" + dir + "&pId=" + packageId.ToString() + "&customUrl=" + Server.UrlEncode(_installer.Url));
 }
 break;
- case "customInstaller":
+ case "custominstaller":
 var customControl = Request.GetItemAsString("customControl");
 if (customControl.IsNullOrWhiteSpace() == false)
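Review bot: Lower-casing the switch value in `switch (currentStep.ToLowerInvariant())` makes every `case` label that still contains an upper-case letter unreachable, and the visible hunks lower-case only `"customInstaller"`; the labels outside these hunks need the same check. The call also throws a NullReferenceException if `currentStep` can be null, which the hunk does not show; if it can, `switch ((currentStep ?? string.Empty).ToLowerInvariant())` keeps the old behaviour of matching no case. A short comment above the switch, such as `// step names are compared case-insensitively; keep all case labels lower-case`, would stop a mixed-case label being reintroduced. The switch body starts and ends outside the hunk.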