diff --git a/auth/handlers/handle_logout_test.go b/auth/handlers/handle_logout_test.go
index 555ffafa6..4fb2569f7 100644
--- a/auth/handlers/handle_logout_test.go
+++ b/auth/handlers/handle_logout_test.go
@@ -43,6 +43,6 @@ func Test_logoutProc(t *testing.T) {
 	rq.Empty(authReq.Session.Values)
 	rq.Empty(authReq.AuthUser)
 	rq.Empty(authReq.Client)
-	rq.Equal("scriptalert(origin)/script", authReq.Data["link"])
+	rq.Equal("//scriptalert(origin)/script", authReq.Data["link"])
 	rq.Equal(TmplLogout, authReq.Template)
 }
diff --git a/auth/handlers/links_test.go b/auth/handlers/links_test.go
new file mode 100644
index 000000000..fc24fbaa2
--- /dev/null
+++ b/auth/handlers/links_test.go
@@ -0,0 +1,41 @@
+package handlers
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/require"
+)
+
+func Test_sanitizeLink(t *testing.T) {
+	type (
+		tt struct {
+			name   string
+			link   string
+			expect string
+		}
+	)
+
+	tcc := []tt{
+		{
+			name:   `empty link`,
+			link:   ``,
+			expect: `//`,
+		},
+		{
+			name:   `Example URL with query`,
+			link:   `https://example.url/query`,
+			expect: `//example.url/query`,
+		},
+		{
+			name:   `URL with additional js`,
+			link:   `javascript:window.alert('foobar')`,
+			expect: `//javascript:window.alert(foobar)`,
+		},
+	}
+
+	for _, tc := range tcc {
+		t.Run(tc.name, func(t *testing.T) {
+			require.New(t).Equal(tc.expect, sanitizeLink(tc.link))
+		})
+	}
+}
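Review bot: The updated expectation `"//scriptalert(origin)/script"` is a bare magic string; nothing in the test says why a `//` prefix is now expected or why the tag text survives with only its delimiters gone, so a reader has to reverse-engineer sanitizeLink from it. A one-line comment above the assertion would carry that, e.g. `// sanitizeLink forces a scheme-relative form and strips tag delimiters; the full contract is pinned in Test_sanitizeLink`. Presumably the input set earlier in Test_logoutProc is a script tag, but that setup is outside the hunk, as is the start of the function.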
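Review bot: The `Example URL with query` case pins that `https://example.url/query` becomes `//example.url/query`, which is still a navigation to an external host — the `//` prefix only drops the scheme, it does not confine the destination to the application's own origin. If the logout link is meant to stay same-origin, this table should contain a case asserting that; if cross-origin destinations are intended, a comment on the case saying so would keep a later reader from treating it as an oversight. The table also lacks a path-only input (`/login`) and an input that is already scheme-relative (`//example.url`), so whether the result is `///login` or `////example.url` is currently unpinned. The third case shows the single quotes being dropped, but no case covers double quotes, angle brackets on their own, or whitespace, which are the characters the logout test appears to rely on being removed.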