diff --git a/Gemfile b/Gemfile
index d6432c8..107fc29 100644
--- a/Gemfile
+++ b/Gemfile
@@ -9,3 +9,4 @@ gem "rspec", "~> 3.0"
 gem "parslet"
 gem "guard"
 gem "guard-rspec"
+gem "sanitize"
diff --git a/Gemfile.lock b/Gemfile.lock
index 0a1c754..126654d 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -12,6 +12,7 @@ GEM
     celluloid (0.15.2)
       timers (~> 1.1.0)
     coderay (1.1.0)
+    crass (1.0.2)
     daemons (1.2.3)
     diff-lcs (1.2.5)
     eventmachine (1.0.8)
@@ -34,7 +35,12 @@ GEM
       rb-inotify (>= 0.9)
     lumberjack (1.0.9)
     method_source (0.8.2)
+    mini_portile (0.6.2)
     minitest (5.8.2)
+    nokogiri (1.6.6.2)
+      mini_portile (~> 0.6.0)
+    nokogumbo (1.4.1)
+      nokogiri
     parslet (1.7.1)
       blankslate (>= 2.0, <= 4.0)
     pry (0.10.0)
@@ -61,6 +67,10 @@ GEM
     rspec-support (3.1.0)
     ruby-bbcode (2.0.0)
       activesupport (>= 3.2.3)
+    sanitize (4.0.0)
+      crass (~> 1.0.2)
+      nokogiri (>= 1.4.4)
+      nokogumbo (= 1.4.1)
     sinatra (1.4.6)
       rack (~> 1.4)
       rack-protection (~> 1.4)
@@ -91,6 +101,7 @@ DEPENDENCIES
   parslet
   rspec (~> 3.0)
   ruby-bbcode
+  sanitize
   sinatra
   slim
   thin
diff --git a/bristlecode.rb b/bristlecode.rb
index 77d36a2..0a06660 100644
--- a/bristlecode.rb
+++ b/bristlecode.rb
@@ -1,4 +1,5 @@
 require 'parslet'
+require 'sanitize'
 
 module Bristlecode
 
@@ -125,6 +126,7 @@ module Bristlecode
 
     def initialize(args)
       self.href = args[:href].to_str.strip
+      check_href
       if args.has_key? :title
         self.title = Doc.new(args[:title])
       else
@@ -132,6 +134,12 @@ module Bristlecode
       end
     end
 
+    def check_href
+      unless href =~ /^(\/[^\/]|https?:\/\/)/
+        raise "href must start with /, http, or https"
+      end
+    end
+
     def to_html
       "<a href=\"#{href}\">#{title.to_html}</a>"
     end
diff --git a/spec/bristlecode/parser_spec.rb b/spec/bristlecode/parser_spec.rb
index 4c81d9a..02a488d 100644
--- a/spec/bristlecode/parser_spec.rb
+++ b/spec/bristlecode/parser_spec.rb
@@ -56,24 +56,24 @@ module Bristlecode
     end
 
     it 'can render simple links' do
-      input = '[url]example.com[/url]'
-      output = '<a href="example.com">example.com</a>'
+      input = '[url]http://example.com[/url]'
+      output = '<a href="http://example.com">http:&#x2F;&#x2F;example.com</a>'
       expect(to_html(input)).to eq(output)
 
-      input = '[url]    example.com    [/url]'
-      output = '<a href="example.com">example.com</a>'
+      input = '[url]    http://example.com    [/url]'
+      output = '<a href="http://example.com">http:&#x2F;&#x2F;example.com</a>'
       expect(to_html(input)).to eq(output)
     end
 
     it 'passes simple url contents opaquely' do
-      input = '[url]x[b]y[/b]z[/url]'
-      output = '<a href="x[b]y[/b]z">x[b]y[&#x2F;b]z</a>'
+      input = '[url]http://x[b]y[/b]z[/url]'
+      output = '<a href="http://x[b]y[/b]z">http:&#x2F;&#x2F;x[b]y[&#x2F;b]z</a>'
       expect(to_html(input)).to eq(output)
     end
 
     it 'handles urls with titles' do
-      input = '[url=google.com]the google[/url]'
-      output = '<a href="google.com">the google</a>'
+      input = '[url=http://google.com]the google[/url]'
+      output = '<a href="http://google.com">the google</a>'
       expect(to_html(input)).to eq(output)
     end