diff --git a/src/helma/framework/ResponseTrans.java b/src/helma/framework/ResponseTrans.java
index 85a581c3..adb38ea7 100644
--- a/src/helma/framework/ResponseTrans.java
+++ b/src/helma/framework/ResponseTrans.java
@@ -442,6 +442,7 @@ public final class ResponseTrans extends Writer implements Serializable {
      * @throws RedirectException ...
      */
     public void redirect(String url) throws RedirectException {
+        // remove newline chars to prevent response splitting attack
         redir = url == null ? null : url.replaceAll("[\r\n]", "");
         throw new RedirectException(redir);
@@ -464,6 +465,7 @@ public final class ResponseTrans extends Writer implements Serializable {
      * @throws RedirectException ...
      */
     public void forward(String url) throws RedirectException {
+        // remove newline chars to prevent response splitting attack
         forward = url == null ? null : url.replaceAll("[\r\n]", "");
         throw new RedirectException(forward);
@@ -925,6 +927,11 @@ public final class ResponseTrans extends Writer implements Serializable {
             c = (CookieTrans) cookies.get(key);
         }
+        // remove newline chars to prevent response splitting attack
+        if (value != null) {
+            value = value.replaceAll("[\r\n]", "");
+        }
+
         if (c == null) {
             c = new CookieTrans(key, value);
             cookies.put(key, c);
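Review bot: Silently stripping CR/LF from `url` in `redirect` hides the fact that the caller passed a value that had almost certainly been tampered with, and the same applies to `forward` in the second hunk; rejecting it makes the attempt visible to the caller and to whatever logs the resulting exception, e.g. `if (url != null && (url.indexOf('\r') >= 0 || url.indexOf('\n') >= 0)) { throw new IllegalArgumentException("redirect URL must not contain line breaks"); }` ahead of the assignment. If the current lenient behaviour is intentional, the new comment should say so and name what it does not cover, e.g. `// strips raw CR/LF only; the URL is otherwise passed through unchanged`. Each call also recompiles the same regex via `replaceAll`; a `private static final Pattern` shared by the three sites would avoid that and keep the rule in one place.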
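Review bot: Only `value` is stripped here while `key` reaches `new CookieTrans(key, value)` and `cookies.put(key, c)` unchanged, so a CR/LF in the cookie name would still be emitted verbatim if CookieTrans writes the name as-is (that class is not in the hunk, so this is inferred). Because `key` is also used for the `cookies.get(key)` lookup above, the stripping belongs at the top of the method, before the lookup, rather than next to this block; the enclosing method starts outside the hunk. Whether other separators such as `;` in `value` need handling depends on how CookieTrans serializes the header and is worth confirming.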