diff --git a/system/src/Grav/Common/Processors/TasksProcessor.php b/system/src/Grav/Common/Processors/TasksProcessor.php
index ba30a62f7..7b5adddc1 100644
--- a/system/src/Grav/Common/Processors/TasksProcessor.php
+++ b/system/src/Grav/Common/Processors/TasksProcessor.php
@@ -26,6 +26,7 @@ class TasksProcessor extends ProcessorBase
         $task = $this->container['task'];
         if ($task) {
             $attributes = $request->getAttribute('controller');
+
             $controllerClass = $attributes['class'] ?? null;
             if ($controllerClass) {
                 /** @var RequestHandlerInterface $controller */
diff --git a/system/src/Grav/Common/Service/TaskServiceProvider.php b/system/src/Grav/Common/Service/TaskServiceProvider.php
index 40b9696b4..d42661fa9 100644
--- a/system/src/Grav/Common/Service/TaskServiceProvider.php
+++ b/system/src/Grav/Common/Service/TaskServiceProvider.php
@@ -16,9 +16,13 @@ class TaskServiceProvider implements ServiceProviderInterface
 {
     public function register(Container $container)
     {
-        $container['task'] = function ($c) {
-            /** @var Grav $c */
-            return !empty($_POST['task']) ? $_POST['task'] : $c['uri']->param('task');
+        $container['task'] = function (Grav $c) {
+            $task = $_POST['task'] ?? $c['uri']->param('task');
+            if (null !== $task) {
+                $task = filter_var($task, FILTER_SANITIZE_STRING);
+            }
+
+            return $task ?: null;
         };
     }
 }