diff --git a/lhc_web/modules/lhcobrowse/proxycss.php b/lhc_web/modules/lhcobrowse/proxycss.php
index 7838aa53fd..89097ca00c 100644
--- a/lhc_web/modules/lhcobrowse/proxycss.php
+++ b/lhc_web/modules/lhcobrowse/proxycss.php
@@ -15,7 +15,13 @@
 $browse = erLhcoreClassCoBrowse::getBrowseInstance($chat);
 }
-$url = parse_url($_GET['base']);
+$base = trim($_GET['base']);
+
+if (!filter_var($base, FILTER_VALIDATE_URL)) {
+ exit;
+}
+
+$url = parse_url($base);
 // Only http/https supported
 if (!in_array($url['scheme'],['http','https']) || (isset($url['port']) && !in_array($url['port'],[80,443]))) {
@@ -42,7 +48,7 @@
 }
 } else {
- if (!in_array($urlCSS['scheme'],['http','https']) || (isset($urlCSS['port']) && !in_array($urlCSS['port'],[80,443]))) {
+ if (!filter_var($_GET['css'], FILTER_VALIDATE_URL) || !in_array($urlCSS['scheme'],['http','https']) || (isset($urlCSS['port']) && !in_array($urlCSS['port'],[80,443]))) {
 exit;
 }
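Review bot: The added `filter_var($base, FILTER_VALIDATE_URL)` check only validates URL syntax, so together with the existing scheme/port test the proxy can still be pointed at loopback, link-local (e.g. a cloud metadata address) or RFC1918 hosts on port 80/443 — an SSRF surface this hunk does not close. After `$url = parse_url($base);` I would resolve the host and reject private/reserved ranges as below; `gethostbyname()` returns the name unchanged when resolution fails, so an unresolvable or bracketed IPv6-literal host is rejected by the `FILTER_VALIDATE_IP` test as well. Whether the fetch itself (outside this hunk) follows redirects or re-resolves the name after this check is not visible here and should be confirmed, since either would let the destination change after validation. The same host restriction is worth applying to the `$_GET['css']` URL in the second hunk, and both `in_array()` calls should pass `true` as the third argument so the scheme and port comparisons are strict.
```php
$url = parse_url($base);

// Syntax validation alone does not stop requests to internal hosts; resolve and reject private/reserved ranges.
$host = strtolower($url['host'] ?? '');
$resolved = gethostbyname($host);
if ($host === '' || $host === 'localhost' || !filter_var($resolved, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {
    exit;
}

// … unchanged: scheme/port check …
```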