--- loncom/interface/lonexturlcheck.pm	2019/05/02 20:28:18	1.2
+++ loncom/interface/lonexturlcheck.pm	2019/05/02 23:09:38	1.3
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Handler to check if external resource can be shown in iframe
 #
-# $Id: lonexturlcheck.pm,v 1.2 2019/05/02 20:28:18 raeburn Exp $
+# $Id: lonexturlcheck.pm,v 1.3 2019/05/02 23:09:38 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -98,11 +98,12 @@ sub handler {
         ((&Apache::lonnet::allowed('mdc',$env{'request.course.id'})) ||
          (&Apache::lonnet::allowed('cev',$env{'request.course.id'})))) {
         &Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'},['exturl']);
-        if ($env{'form.exturl'} =~ m{^https?\://[^/]+}) {
+        $env{'form.exturl'} =~ s/^\s+|\s+$//g;
+        if ($env{'form.exturl'} =~ m{^https?\://([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}}i) {
             my $hostname = $r->hostname();
             my $lonhost = $r->dir_config('lonHostID');
             my $ip = &Apache::lonnet::get_host_ip($lonhost);
-            $r->print(&Apache::loncommon::is_nonframeable($env{'form.exturl'},'',$hostname,$ip));
+            $r->print(&Apache::loncommon::is_nonframeable($env{'form.exturl'},'',$hostname,$ip,1));
         } else {
             $r->print(0);
         }