diff --git a/app/models/environment.rb b/app/models/environment.rb
index 909249dacca..ed18e6bdea1 100644
--- a/app/models/environment.rb
+++ b/app/models/environment.rb
@@ -185,8 +185,7 @@ class Environment < ActiveRecord::Base
     public_path = project.public_path_for_source_path(path, commit_sha)
     return unless public_path
 
-    # TODO: Verify this can't be used for XSS
-    URI.join(external_url, public_path).to_s
+    [external_url, public_path].join('/')
   end
 
   private