diff --git a/src/containers/tw-security-manager.jsx b/src/containers/tw-security-manager.jsx
index 548af232de8..9a79aa3c505 100644
--- a/src/containers/tw-security-manager.jsx
+++ b/src/containers/tw-security-manager.jsx
@@ -94,7 +94,17 @@ const parseURL = url => {
     } catch (e) {
         return null;
     }
-    const protocols = ['http:', 'https:', 'ws:', 'wss:', 'data:', 'blob:'];
+    const protocols = [
+        // The important one we want to exclude is javascript:
+        'http:',
+        'https:',
+        'ws:',
+        'wss:',
+        'data:',
+        'blob:',
+        'mailto:',
+        'steam:'
+    ];
     if (!protocols.includes(parsed.protocol)) {
         return null;
     }