diff --git a/ChangeLog.md b/ChangeLog.md
index 4df6f6d2c..995995bae 100644
--- a/ChangeLog.md
+++ b/ChangeLog.md
@@ -11,6 +11,7 @@ See also section about WebODF
 * Fix wrongly enabled hyperlink tools with no document loaded ([#833](https://github.com/kogmbh/WebODF/pull/833))
 * Prevent Cross-Site Scripting from style names and font names ([#849](https://github.com/kogmbh/WebODF/pull/849)))
+* Prevent Cross-Site Scripting from links ([#850](https://github.com/kogmbh/WebODF/pull/850)))
 # Changes between 0.5.3 and 0.5.4
diff --git a/webodf/lib/gui/HyperlinkClickHandler.js b/webodf/lib/gui/HyperlinkClickHandler.js
index 629df54ee..fa0881a04 100644
--- a/webodf/lib/gui/HyperlinkClickHandler.js
+++ b/webodf/lib/gui/HyperlinkClickHandler.js
@@ -115,8 +115,13 @@ gui.HyperlinkClickHandler = function HyperlinkClickHandler(getContainer, keyDown
 bookmarks[0].scrollIntoView(true);
 }
 } else {
- // Ask the browser to open the link in a new window.
- window.open(url);
+ // Ask the browser to open the link in a new window. `javascript` and `data` URIs are disabled for
+ // security reasons.
+ if(/^\s*(javascript|data):/.test(url)) {
+ runtime.log("WARN:", "potentially malicious URL ignored");
+ } else {
+ window.open(url);
+ }
 }
 if (e.preventDefault) {
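Review bot: The scheme test on the new `if` line in HyperlinkClickHandler.js is case-sensitive, so a link whose scheme is spelled `JavaScript:` or `DATA:` passes the check and still reaches `window.open(url)`; URI schemes compare case-insensitively, so the regex needs the `i` flag: `if (/^\s*(javascript|data):/i.test(url)) {`. A deny-list of two schemes is also fragile by nature — an allow-list of the schemes the editor actually expects to open (http, https, mailto, and whatever else the document format permits) would be the more robust form, and `window.open(url, "_blank", "noopener")` would additionally keep the opened page from reaching back through `window.opener`. The surrounding code in this hunk writes `if (` with a space, so the added `if(` should match. The enclosing click handler starts and ends outside the hunk.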