diff --git a/lib/helpers/isValidXss.js b/lib/helpers/isValidXss.js
index 3545fb5c29..3c834a7cfa 100644
--- a/lib/helpers/isValidXss.js
+++ b/lib/helpers/isValidXss.js
@@ -1,6 +1,7 @@
 'use strict';
 
 module.exports = function isValidXss(requestURL) {
-  var xssRegex = /(\b)(on\S+)(\s*)=|javascript|(<\s*)(\/*)script/gi;
+  var xssRegex = /(\b)(on\w+)=|javascript|(<\s*)(\/*)script/gi;
   return xssRegex.test(requestURL);
 };
+
diff --git a/test/specs/helpers/isValidXss.spec.js b/test/specs/helpers/isValidXss.spec.js
index b17b686062..dcfcf9d772 100644
--- a/test/specs/helpers/isValidXss.spec.js
+++ b/test/specs/helpers/isValidXss.spec.js
@@ -12,6 +12,7 @@ describe('helpers::isValidXss', function () {
   });
 
   it('should not detect non script tags', function() {
+    expect(isValidXss("/one/?foo=bar")).toBe(false);
     expect(isValidXss(" tags")).toBe(false);
     expect(isValidXss("")).toBe(false);
     expect(isValidXss(">>> safe <<<")).toBe(false);
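Review bot: Dropping the `(\s*)` between the handler name and `=` fixes the `/one/?foo=bar` false positive but also stops detecting event handlers written with whitespace, so `onerror =alert(1)` or `onload%20=` now passes this filter; the narrowing from `\S+` to `\w+` is enough on its own to stop `one/?foo=` matching, so the optional whitespace can be kept: `var xssRegex = /\bon\w+\s*=|javascript|<\s*\/*script/gi;`. Note that the function only ever sees the raw string it is given, so percent-encoded payloads such as `%3Cscript` or `onerror%3D` are not caught unless a caller decodes first — if nothing upstream does, consider testing both the raw and `decodeURIComponent`-decoded forms (in a try/catch, since malformed encoding throws). The bare `javascript` alternative also flags any path containing that word, which is pre-existing behaviour but worth a comment such as `// denylist heuristic only: a substring match, not a parser — not a substitute for output encoding`.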
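Review bot: The added spec only pins the false-positive case; nothing in this `it` block (or, as far as visible, the positive-case block above it, which starts outside the hunk) asserts that the tightened regex still detects the inputs it was meant to, so a future regression in the `on\w+=` branch would go unnoticed. Add a positive assertion alongside the new one in the detection test, e.g. `expect(isValidXss("/?q=<img onerror=alert(1)>")).toBe(true);`, and if whitespace around `=` is meant to remain covered, `expect(isValidXss("/?q=<img onerror =alert(1)>")).toBe(true);` as well so the spec documents the intended contract rather than only the bug being fixed.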