diff --git a/server/actions.mjs b/server/actions.mjs
index 8b3428e..297a60a 100644
--- a/server/actions.mjs
+++ b/server/actions.mjs
@@ -48,8 +48,12 @@ export const actions = {
 params: [{ name: "url", required: true, type: "string" }],
 policy: "queue",
 handler: async ({ url }) => {
- await exec("xdg-open", [url]);
- return { opened: url };
+ const parsed = new URL(url);
+ if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') {
+ throw new Error(`Disallowed protocol: ${parsed.protocol}`);
+ }
+ await exec('xdg-open', [parsed.href]);
+ return { opened: parsed.href };
 },
 },
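Review bot: The scheme allowlist only protects this handler if `exec` hands its array to the process as argv without a shell, and `exec` is defined outside this hunk, so that cannot be confirmed here. `parsed.href` can still contain `&`, `;` and `$`, which URL serialization leaves unescaped, so a shell-based wrapper would remain injectable; if it is execFile-style, a comment such as `// exec spawns without a shell; href may still contain shell metacharacters` above the call would record the assumption. `new URL(url)` also throws a bare `TypeError` on malformed input, which is a safe rejection but gives the caller a less useful message than the explicit protocol error. Consider also rejecting embedded credentials with `if (parsed.username || parsed.password) throw new Error('Credentials in URL are not allowed');`, since `user@host` forms are a common way to disguise the real destination.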