diff --git a/README.md b/README.md
index ab81e6f..b0800d8 100644
--- a/README.md
+++ b/README.md
@@ -27,7 +27,8 @@ marked:
smartLists: true
smartypants: true
modifyAnchors: ''
- autolink: true
+ autolink: true,
+ sanitizeUrl: false
```
- **gfm** - Enables [GitHub flavored markdown](https://help.github.com/articles/github-flavored-markdown)
@@ -37,6 +38,7 @@ marked:
- **smartypants** - Use "smart" typograhic punctuation for things like quotes and dashes.
- **modifyAnchors** - Use for transform anchorIds. if `1` to lowerCase and if `2` to upperCase. **Must be integer**.
- **autolink** - Enable autolink for URLs. E.g. `https://hexo.io` will become `https://hexo.io`.
+- **sanitizeUrl** - Remove URLs that start with `javascript:`, `vbscript:` and `data:`.
## Extras
diff --git a/index.js b/index.js
index 8a071cc..66505fe 100644
--- a/index.js
+++ b/index.js
@@ -11,7 +11,8 @@ hexo.config.marked = Object.assign({
smartLists: true,
smartypants: true,
modifyAnchors: '',
- autolink: true
+ autolink: true,
+ sanitizeUrl: false
}, hexo.config.marked);
hexo.extend.renderer.register('md', 'html', renderer, true);
diff --git a/lib/renderer.js b/lib/renderer.js
index 8fbe944..4fb2397 100644
--- a/lib/renderer.js
+++ b/lib/renderer.js
@@ -35,6 +35,22 @@ function anchorId(str, transformOption) {
// Support AutoLink option
Renderer.prototype.link = function(href, title, text) {
+ if (this.options.sanitizeUrl) {
+ let prot;
+
+ try {
+ prot = decodeURIComponent(unescape(href))
+ .replace(/[^\w:]/g, '')
+ .toLowerCase();
+ } catch (e) {
+ return '';
+ }
+
+ if (prot.startsWith('javascript:') || prot.startsWith('vbscript:') || prot.startsWith('data:')) {
+ return '';
+ }
+ }
+
if (!this.options.autolink && href === text && title == null) {
return href;
}
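Review bot: `sanitizeUrl: false` in the index.js defaults makes the new scheme filter opt-in, so every existing site keeps rendering `javascript:`, `vbscript:` and `data:` hrefs from post content unless its owner edits the config; unless compatibility with links that use those schemes is a real concern, `sanitizeUrl: true` is the safer default, and the README hunk should then document it as such. The README text also says the URL is removed, whereas the renderer hunk returns an empty string for the whole link, so the option description should say the link (including its text) is dropped. Both the index.js and README hunks carry the same `false` default.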
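Review bot: The new guard in `link` is a blocklist of three schemes, so any other scheme in `href` passes through untouched; since `prot` already has everything except word characters and colons stripped, a scheme allowlist is only slightly more code, e.g. `if (prot.includes(':') && !/^(https?|mailto|ftp):/.test(prot)) return '';`, at the cost of also rejecting relative paths that contain a colon, which should be weighed before switching. Returning `''` drops the link text together with the href, silently removing words from the rendered post; returning `text` (the already-rendered inline content marked passes in) keeps the words and only loses the link, which appears to be what later marked releases do — worth confirming against the marked version this package pins. `unescape` is a deprecated Annex B function, presumably kept for `%uXXXX` sequences that `decodeURIComponent` does not handle, and a one-line comment such as `// unescape() first so %uXXXX forms are normalised before the scheme check` would stop the next reader from removing it. If `Renderer.prototype.image` is also overridden elsewhere in this file, its `href` needs the same guard. The body of `link` continues past the end of the hunk.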