diff --git a/Core/Base/Utils.php b/Core/Base/Utils.php
index 69d0f1a97e..7aadd5c4b9 100644
--- a/Core/Base/Utils.php
+++ b/Core/Base/Utils.php
@@ -138,7 +138,7 @@ public static function intval(?string $str): ?int
 public static function isValidUrl(string $url): bool
 {
 // si la url está vacío o comienza por javascript: entonces no es una url válida
- if (empty($url) || strpos($url, 'javascript:') === 0) {
+ if (empty($url) || stripos($url, 'javascript:') === 0) {
 return false;
 }
diff --git a/Test/Core/Model/AgenciaTransporteTest.php b/Test/Core/Model/AgenciaTransporteTest.php
index bd7b5e9ab1..2ab1647905 100644
--- a/Test/Core/Model/AgenciaTransporteTest.php
+++ b/Test/Core/Model/AgenciaTransporteTest.php
@@ -60,9 +60,13 @@ public function testBadWeb()
 $agency->web = 'javascript:alert(origin)';
 $this->assertFalse($agency->save(), 'agency-can-save-bad-web');
- // otra url peligrosa
+ // javascript con forma de url
 $agency->web = 'javascript://example.com//%0aalert(document.domain);//';
 $this->assertFalse($agency->save(), 'agency-can-save-bad-web-2');
+
+ // javascript con mayúsculas
+ $agency->web = 'jAvAsCriPt://sadas.com/%0aalert(11);//';
+ $this->assertFalse($agency->save(), 'agency-can-save-bad-web-3');
 }
 public function testGoodWeb()
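Review bot: Switching to `stripos` closes the mixed-case gap, but the guard is still a denylist on one literal prefix, so a value whose scheme is not exactly at byte 0 (leading whitespace, for instance, which `trim` would expose) or that uses another script-capable scheme still passes this line. If the rest of isValidUrl is meant to accept only web addresses, rejecting by scheme allowlist is more robust: `$scheme = strtolower((string) parse_url(trim($url), PHP_URL_SCHEME));` followed by `if ($scheme === '' || !in_array($scheme, ['http', 'https'], true)) { return false; }`, which also keeps the empty-string case. Note that `empty($url)` also rejects the string `'0'`, which is probably intended here but worth a word in the comment. The body of isValidUrl continues past the end of the hunk, so the remaining validation is not visible in this review.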
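Review bot: The new assertion at `agency-can-save-bad-web-3` exercises Utils::isValidUrl only indirectly through `$agency->save()`, so a failure here cannot distinguish a regression in the URL check from a change in the model's own validation; presumably AgenciaTransporte delegates to Utils::isValidUrl, but that path is outside this hunk. A direct companion assertion such as `self::assertFalse(Utils::isValidUrl('jAvAsCriPt://sadas.com/%0aalert(11);//'));` in the Utils test class would localize the behaviour the commit actually changes. testBadWeb() begins before the hunk starts.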