diff --git a/src/Toolbox/URL.php b/src/Toolbox/URL.php
index efaadb19781..0aed2bd1548 100644
--- a/src/Toolbox/URL.php
+++ b/src/Toolbox/URL.php
@@ -54,7 +54,8 @@ final public static function sanitizeURL(?string $url): string
 $url = trim($url);
- if (preg_match('/^javascript:/i', $url)) {
+ $js_pattern = '/^' . implode('\s*', str_split('javascript:')) . '/i';
+ if (preg_match($js_pattern, $url)) {
 return '';
 }
diff --git a/tests/units/Glpi/Toolbox/URL.php b/tests/units/Glpi/Toolbox/URL.php
index 8a65ee5ff78..51fb598fce3 100644
--- a/tests/units/Glpi/Toolbox/URL.php
+++ b/tests/units/Glpi/Toolbox/URL.php
@@ -53,6 +53,14 @@ protected function urlProvider(): iterable
 'url' => 'javascript:alert(1);',
 'expected' => '',
 ];
+ yield [
+ 'url' => "java\nscript:alert(1);",
+ 'expected' => '',
+ ];
+ yield [
+ 'url' => "j a v\t\ta\n s c \t ript :alert(1);",
+ 'expected' => '',
+ ];
 yield [
 'url' => 'jAvAscrIPt:alert(1);',
 'expected' => '',
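Review bot: A leading C0 control byte other than NUL still gets past the new `if (preg_match($js_pattern, $url))` check: `trim()` on the line above strips only space, tab, CR, LF, VT and NUL, so an input like `"\x01javascript:alert(1)"` keeps its first byte, the `^j` anchor never matches and the value is returned unchanged, whereas a browser's URL parser removes leading/trailing C0 controls and spaces (and interior tab/CR/LF) before reading the scheme. Rather than spelling the scheme out character by character, normalise a copy the way the parser does and test that: `$scheme_probe = preg_replace('/[\x00-\x20]+/', '', $url);` followed by `if (preg_match('/^javascript:/i', $scheme_probe)) {` — this also covers both new test cases. Stripping every control byte is slightly more aggressive than the browser, which keeps an interior `\x01`, but for a reject-only check that errs on the safe side; a provider entry `"\x01javascript:alert(1);"` with expected `''` would pin it. The remainder of sanitizeURL is outside the hunk, so any other scheme checks there should be applied to the same normalised copy.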