Index: openacs-4/packages/xowiki/tcl/form-field-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/xowiki/tcl/form-field-procs.tcl,v
diff -u -r1.219 -r1.220
--- openacs-4/packages/xowiki/tcl/form-field-procs.tcl 13 Sep 2012 16:05:27 -0000 1.219
+++ openacs-4/packages/xowiki/tcl/form-field-procs.tcl 25 Sep 2012 19:30:00 -0000 1.220
@@ -1345,8 +1345,15 @@
 #
 ###########################################################
- Class url -superclass text -parameter {
- {link_label}
+ Class url -superclass text \
+ -extend_slot validator safe_url \
+ -parameter {
+ {link_label}
+ }
+ url instproc check=safe_url {value} {
+ set regexp {^(https|http|ftp)://([a-zA-Z0-9_\-\.]+(:[0-9]+)?)/[a-zA-Z0-9_.%/#?=&~-]+$}
+ if {[regexp -nocase $expr $value]} {return 1}
+ return 0
 }
 url instproc initialize {} {
 next
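Review bot: The new `check=safe_url` stores its pattern in a variable named `regexp` but then matches against `$expr`, which is never set in this proc, so the validator would raise a Tcl "no such variable" error instead of returning 0 or 1. The match line should read `if {[regexp -nocase $regexp $value]} {return 1}`, and renaming the variable to something like `re` would avoid the confusion with the `regexp` command. Because the scheme allow-list (`https|http|ftp`) is the control that keeps other schemes out of the rendered link, the proc deserves a short comment saying so, for example `# allow-list of schemes; anything else is rejected before the value is rendered as a link`. The pattern also requires at least one character after the host's `/`, so a bare-host URL such as `http://host` or `http://host/` is rejected; if that is not intended, the path part should be made optional.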