diff --git a/app/models/comment.rb b/app/models/comment.rb
index 9db5c45..bf46ae6 100644
--- a/app/models/comment.rb
+++ b/app/models/comment.rb
@@ -1,6 +1,7 @@
 class Comment < ActiveRecord::Base
 belongs_to :page
 belongs_to :author
+ validate :safe_url
 
 def name
 if self.author
@@ -9,4 +10,16 @@ class Comment < ActiveRecord::Base
 self.user
 end
 end
+
+ private
+
+ def safe_url
+ return true if self.url.to_s.empty?
+ if self.url =~ /^http:\/\// and self.url !~ /[^a-zA-Z0-9\._:\-\/]/
+ true
+ else
+ self.errors.add(:url, "is not a permissible address")
+ false
+ end
+ end
 end
\ No newline at end of file
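Review bot: The scheme check in `safe_url` (second hunk) anchors with `^`, which in Ruby matches at the start of any line rather than the start of the string; the character allowlist that follows happens to exclude newlines, so this does not currently admit a multi-line value, but the whole-string intent should be stated with `\A`, and `and` should be `&&` since this is boolean logic rather than control flow: `if url =~ %r{\Ahttp://} && url !~ %r{[^a-zA-Z0-9._:\-/]}`. The explicit `true`/`false` return values are ignored by `validate`, which only inspects `errors`, so the method reduces to the empty guard plus `errors.add(:url, "is not a permissible address") unless url =~ %r{\Ahttp://} && url !~ %r{[^a-zA-Z0-9._:\-/]}`. Note also that the allowlist accepts only `http://` and rejects `https://` as well as `?`, `=`, `&`, `%` and `#`, so any HTTPS or query-string address fails validation; if that is intentional it deserves a one-line comment above `def safe_url` saying so, otherwise the scheme alternation should include `https`.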