Index: openacs-4/packages/acs-tcl/tcl/text-html-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/tcl/text-html-procs.tcl,v
diff -u -N -r1.109.2.21 -r1.109.2.22
--- openacs-4/packages/acs-tcl/tcl/text-html-procs.tcl	12 Mar 2021 13:26:22 -0000	1.109.2.21
+++ openacs-4/packages/acs-tcl/tcl/text-html-procs.tcl	6 Sep 2021 09:47:31 -0000	1.109.2.22
@@ -1364,10 +1364,21 @@
                         if {$url eq ""} continue
 
                         set prot ""
-
-                        set parsed_url [ns_parseurl $url]
-                        # attribute is a URL including the protocol
-                        set proto [expr {[dict exists $parsed_url proto] ? [dict get $parsed_url proto] : ""}]
+                        try {
+                            set parsed_url [ns_parseurl $url]
+                            set proto [expr {[dict exists $parsed_url proto] ? [dict get $parsed_url proto] : ""}]
+                        } on error {errorMsg} {
+                            ns_log warning "ad_dom_sanitize_html cannot parse URL '$url': $errorMsg"
+                            #
+                            # The attribute is invalid. Report it or remove it.
+                            #
+                            if {$validate_p} {
+                                return 0
+                            } else {
+                                $node removeAttribute $att
+                            }
+                            continue
+                        }
                         if {$proto ne ""} {
                             if {$no_outer_urls_p} {
                                 # no external URLs allowed: we still