diff --git a/lib/sidekiq/web/action.rb b/lib/sidekiq/web/action.rb
index 31f6acd28..0ce6f655e 100644
--- a/lib/sidekiq/web/action.rb
+++ b/lib/sidekiq/web/action.rb
@@ -15,7 +15,7 @@ def request
 end
 def halt(res)
- throw :halt, res
+ throw :halt, [res, {"Content-Type" => "text/plain"}, [res.to_s]]
 end
 def redirect(location)
diff --git a/lib/sidekiq/web/application.rb b/lib/sidekiq/web/application.rb
index 37b610f6b..1d2f23727 100644
--- a/lib/sidekiq/web/application.rb
+++ b/lib/sidekiq/web/application.rb
@@ -82,10 +82,12 @@ def self.set(key, val)
 erb(:queues)
 end
+ QUEUE_NAME = /\A[a-z_:.\-0-9]+\z/i
+
 get "/queues/:name" do
 @name = route_params[:name]
- halt(404) unless @name
+ halt(404) if !@name || @name !~ QUEUE_NAME
 @count = (params["count"] || 25).to_i
 @queue = Sidekiq::Queue.new(@name)
diff --git a/test/test_web.rb b/test/test_web.rb
index dbd1883ce..cb8b88beb 100644
--- a/test/test_web.rb
+++ b/test/test_web.rb
@@ -124,6 +124,13 @@ def perform(a, b)
 end
 it 'handles queue view' do
+ get '/queues/onmouseover=alert()'
+ assert_equal 404, last_response.status
+
+ get '/queues/foo_bar:123-wow.'
+ assert_equal 200, last_response.status
+ assert_match(/foo_bar:123-wow\./, last_response.body)
+
 get '/queues/default'
 assert_equal 200, last_response.status
 end
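Review bot: The new `halt` triple in action.rb declares `text/plain` but sets no `X-Content-Type-Options`, so a browser is still free to sniff the short `res.to_s` body; the stronger form is `throw :halt, [res, {"Content-Type" => "text/plain", "X-Content-Type-Options" => "nosniff"}, [res.to_s]]`. The method also deserves a one-line comment stating the contract, since the body is now always the status rendered as plain text and never a template, e.g. `# Abort the request with +res+ as the HTTP status; the body is plain text so no caller-supplied data is ever rendered as HTML.` If any caller in the rest of the file halts with something other than an integer status (not visible in this hunk), that value now lands in the status slot of the Rack triple and should be checked.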
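Review bot: `QUEUE_NAME` in application.rb has no comment saying why the queue route rejects names outside `[a-z_:.\-0-9]` (the name is echoed back into the rendered page, so the whitelist is what keeps the route from reflecting arbitrary input); add `# Queue names are rendered into the page; only accept the characters Sidekiq queue names actually use.` above the constant. The guard line reads more naturally and avoids a MatchData allocation as `halt(404) unless @name&.match?(QUEUE_NAME)`, which is equivalent to the `!@name || @name !~ QUEUE_NAME` form. Note that the `/i` flag admits upper-case names, which is fine for the reflection concern but worth stating in the comment if queue names are case-sensitive on the Redis side. The `get "/queues/:name"` block continues past the end of the hunk.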
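Review bot: The new assertions in test_web.rb pin the 404 status for the rejected name but not the response type, so the `halt` change in action.rb (plain-text body) is left untested; add `assert_equal "text/plain", last_response.headers["Content-Type"]` after the 404 assertion. A one-line comment above the first `get` would also help the next reader understand why a queue name that looks like an event handler is expected to 404, e.g. `# names outside QUEUE_NAME must be rejected before they reach the view`. Since the case now covers rejection as well as rendering, consider giving it its own `it 'rejects invalid queue names'` block rather than folding it into 'handles queue view'.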