diff --git a/Core/Base/Utils.php b/Core/Base/Utils.php
index 9de3dc6553..69d0f1a97e 100644
--- a/Core/Base/Utils.php
+++ b/Core/Base/Utils.php
@@ -135,6 +135,16 @@ public static function intval(?string $str): ?int
         return $str === null ? null : (int)$str;
     }
 
+    public static function isValidUrl(string $url): bool
+    {
+        // si la url está vacío o comienza por javascript: entonces no es una url válida
+        if (empty($url) || strpos($url, 'javascript:') === 0) {
+            return false;
+        }
+
+        return filter_var($url, FILTER_VALIDATE_URL) !== false;
+    }
+
     /**
      * This function converts:
      * < to <
diff --git a/Core/Model/AgenciaTransporte.php b/Core/Model/AgenciaTransporte.php
index 2fbb3f9a1b..f3df5f138b 100644
--- a/Core/Model/AgenciaTransporte.php
+++ b/Core/Model/AgenciaTransporte.php
@@ -93,7 +93,7 @@ public function test(): bool
         $this->web = $utils->noHtml($this->web);
 
         // check if the web is a valid url
-        if (!empty($this->web) && !filter_var($this->web, FILTER_VALIDATE_URL)) {
+        if (!empty($this->web) && false === self::toolBox()::utils()::isValidUrl($this->web)) {
             self::toolBox()::i18nLog()->error('invalid-web');
             return false;
         }
diff --git a/Test/Core/Model/AgenciaTransporteTest.php b/Test/Core/Model/AgenciaTransporteTest.php
index 0afbb36c87..bd7b5e9ab1 100644
--- a/Test/Core/Model/AgenciaTransporteTest.php
+++ b/Test/Core/Model/AgenciaTransporteTest.php
@@ -59,6 +59,10 @@ public function testBadWeb()
         $agency->nombre = 'Test Agency';
         $agency->web = 'javascript:alert(origin)';
         $this->assertFalse($agency->save(), 'agency-can-save-bad-web');
+
+        // otra url peligrosa
+        $agency->web = 'javascript://example.com//%0aalert(document.domain);//';
+        $this->assertFalse($agency->save(), 'agency-can-save-bad-web-2');
     }
 
     public function testGoodWeb()
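Review bot: The scheme check in isValidUrl is case-sensitive and names only one scheme, so a value such as `JavaScript://example.com/...` (or a `data:`/`vbscript:` URL with a host part) passes `strpos($url, 'javascript:') === 0` and, judging by the second case added in AgenciaTransporteTest.php, presumably also passes FILTER_VALIDATE_URL, while browsers match the scheme case-insensitively. A deny-list prefix test is the wrong shape here; prefer an allow-list on the parsed scheme before the filter_var call: `$scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));` then `if (!in_array($scheme, ['http', 'https'], true)) { return false; }`. The comment on that line is in Spanish while the file's neighbouring docblock is in English; `// empty values and non-http(s) schemes (e.g. javascript:) are never valid web addresses` would match the file. The test hunk could then pin this with a mixed-case variant of the existing `javascript://example.com//...` input.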
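Review bot: The new condition reaches the helper through the long chain `self::toolBox()::utils()::isValidUrl(...)` although `$utils` was already obtained two lines above for `noHtml`; assuming `$utils` is that same Utils object, `!$utils::isValidUrl($this->web)` reuses it and reads more naturally than `false === ` on a bool-returning method. The `!empty($this->web)` guard now duplicates the empty check inside isValidUrl, but keeping it preserves the existing rule that an empty web is accepted, so it should stay unless that rule changes. test() starts and ends outside the hunk.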