diff --git a/ajax/ajax_asset_details.php b/ajax/ajax_asset_details.php
index 3ffa50a2..ec378459 100644
--- a/ajax/ajax_asset_details.php
+++ b/ajax/ajax_asset_details.php
@@ -24,8 +24,8 @@ $asset_make = nullable_htmlentities($row['asset_make']);
 $asset_model = nullable_htmlentities($row['asset_model']);
 $asset_serial = nullable_htmlentities($row['asset_serial']);
 $asset_os = nullable_htmlentities($row['asset_os']);
-$asset_uri = nullable_htmlentities($row['asset_uri']);
-$asset_uri_2 = nullable_htmlentities($row['asset_uri_2']);
+$asset_uri = sanitize_url($row['asset_uri']);
+$asset_uri_2 = sanitize_url($row['asset_uri_2']);
 $asset_status = nullable_htmlentities($row['asset_status']);
 $asset_purchase_reference = nullable_htmlentities($row['asset_purchase_reference']);
 $asset_purchase_date = nullable_htmlentities($row['asset_purchase_date']);
@@ -262,25 +262,25 @@ ob_start();
                 </div>
                 <div class="card-body">
                     <?php if ($asset_type) { ?>
-                        <div><i class="fa fa-fw fa-tag text-secondary mr-3"></i><?php echo $asset_type; ?></div>
+                        <div><i class="fa fa-fw fa-tag text-secondary mr-2"></i><?php echo $asset_type; ?></div>
                     <?php }
                     if ($asset_make) { ?>
-                        <div class="mt-2"><i class="fa fa-fw fa-circle text-secondary mr-3"></i><?php echo "$asset_make $asset_model"; ?></div>
+                        <div class="mt-2"><i class="fa fa-fw fa-circle text-secondary mr-2"></i><?php echo "$asset_make $asset_model"; ?></div>
                     <?php }
                     if ($asset_os) { ?>
-                        <div class="mt-2"><i class="fab fa-fw fa-windows text-secondary mr-3"></i><?php echo "$asset_os"; ?></div>
+                        <div class="mt-2"><i class="fab fa-fw fa-windows text-secondary mr-2"></i><?php echo "$asset_os"; ?></div>
                     <?php }
                     if ($asset_serial) { ?>
-                        <div class="mt-2"><i class="fa fa-fw fa-barcode text-secondary mr-3"></i><?php echo $asset_serial; ?></div>
+                        <div class="mt-2"><i class="fa fa-fw fa-barcode text-secondary mr-2"></i><?php echo $asset_serial; ?></div>
                     <?php }
                     if ($asset_purchase_date) { ?>
-                        <div class="mt-2"><i class="fa fa-fw fa-shopping-cart text-secondary mr-3"></i><?php echo date('Y-m-d', strtotime($asset_purchase_date)); ?></div>
+                        <div class="mt-2"><i class="fa fa-fw fa-shopping-cart text-secondary mr-2"></i><?php echo date('Y-m-d', strtotime($asset_purchase_date)); ?></div>
                     <?php }
                     if ($asset_install_date) { ?>
-                        <div class="mt-2"><i class="fa fa-fw fa-calendar-check text-secondary mr-3"></i><?php echo date('Y-m-d', strtotime($asset_install_date)); ?></div>
+                        <div class="mt-2"><i class="fa fa-fw fa-calendar-check text-secondary mr-2"></i><?php echo date('Y-m-d', strtotime($asset_install_date)); ?></div>
                     <?php }
                     if ($asset_warranty_expire) { ?>
-                        <div class="mt-2"><i class="fa fa-fw fa-exclamation-triangle text-secondary mr-3"></i><?php echo date('Y-m-d', strtotime($asset_warranty_expire)); ?></div>
+                        <div class="mt-2"><i class="fa fa-fw fa-exclamation-triangle text-secondary mr-2"></i><?php echo date('Y-m-d', strtotime($asset_warranty_expire)); ?></div>
                     <?php } ?>
                 </div>
             </div>
@@ -291,19 +291,19 @@ ob_start();
                 </div>
                 <div class="card-body">
                     <?php if ($asset_ip) { ?>
-                        <div><i class="fa fa-fw fa-globe text-secondary mr-3"></i><?php echo $asset_ip; ?></div>
+                        <div><i class="fa fa-fw fa-globe text-secondary mr-2"></i><?php echo $asset_ip; ?></div>
                     <?php } ?>
                     <?php if ($asset_nat_ip) { ?>
-                        <div class="mt-2"><i class="fa fa-fw fa-random text-secondary mr-3"></i><?php echo $asset_nat_ip; ?></div>
+                        <div class="mt-2"><i class="fa fa-fw fa-random text-secondary mr-2"></i><?php echo $asset_nat_ip; ?></div>
                     <?php }
                     if ($asset_mac) { ?>
-                        <div class="mt-2"><i class="fa fa-fw fa-ethernet text-secondary mr-3"></i><?php echo $asset_mac; ?></div>
+                        <div class="mt-2"><i class="fa fa-fw fa-ethernet text-secondary mr-2"></i><?php echo $asset_mac; ?></div>
                     <?php }
                     if ($asset_uri) { ?>
-                        <div class="mt-2"><i class="fa fa-fw fa-link text-secondary mr-3"></i><a href="<?php echo $asset_uri; ?>" target="_blank">Link</a></div>
+                        <div class="mt-2"><i class="fa fa-fw fa-link text-secondary mr-2"></i><a href="<?php echo $asset_uri; ?>" target="_blank"><?php echo truncate($asset_uri, 20); ?></a></div>
                     <?php }
                     if ($asset_uri_2) { ?>
-                        <div class="mt-2"><i class="fa fa-fw fa-link text-secondary mr-3"></i><a href="<?php echo $asset_uri_2; ?>" target="_blank">Link 2</a></div>
+                        <div class="mt-2"><i class="fa fa-fw fa-link text-secondary mr-2"></i><a href="<?php echo $asset_uri_2; ?>" target="_blank"><?php echo truncate($asset_uri_2, 20); ?></a></div>
                     <?php } ?>
                 </div>
             </div>
@@ -315,19 +315,19 @@ ob_start();
                 </div>
                 <div class="card-body">
                     <?php if ($location_name) { ?>
-                        <div><i class="fa fa-fw fa-map-marker-alt text-secondary mr-3"></i><?php echo $location_name_display; ?></div>
+                        <div><i class="fa fa-fw fa-map-marker-alt text-secondary mr-2"></i><?php echo $location_name_display; ?></div>
                     <?php }
                     if ($contact_name) { ?>
-                        <div class="mt-2"><i class="fa fa-fw fa-user text-secondary mr-3"></i><?php echo $contact_name_display; ?></div>
+                        <div class="mt-2"><i class="fa fa-fw fa-user text-secondary mr-2"></i><?php echo $contact_name_display; ?></div>
                     <?php }
                     if ($contact_email) { ?>
-                        <div class="mt-2"><i class="fa fa-fw fa-envelope text-secondary mr-3"></i><a href='mailto:<?php echo $contact_email; ?>'><?php echo $contact_email; ?></a><button class='btn btn-sm clipboardjs' data-clipboard-text='<?php echo $contact_email; ?>'><i class='far fa-copy text-secondary'></i></button></div>
+                        <div class="mt-2"><i class="fa fa-fw fa-envelope text-secondary mr-2"></i><a href='mailto:<?php echo $contact_email; ?>'><?php echo $contact_email; ?></a><button class='btn btn-sm clipboardjs' data-clipboard-text='<?php echo $contact_email; ?>'><i class='far fa-copy text-secondary'></i></button></div>
                     <?php }
                     if ($contact_phone) { ?>
-                        <div class="mt-2"><i class="fa fa-fw fa-phone text-secondary mr-3"></i><?php echo formatPhoneNumber($contact_phone); echo " $contact_extension"; ?></div>
+                        <div class="mt-2"><i class="fa fa-fw fa-phone text-secondary mr-2"></i><?php echo formatPhoneNumber($contact_phone); echo " $contact_extension"; ?></div>
                     <?php }
                     if ($contact_mobile) { ?>
-                        <div class="mt-2"><i class="fa fa-fw fa-mobile-alt text-secondary mr-3"></i><?php echo formatPhoneNumber($contact_mobile); ?></div>
+                        <div class="mt-2"><i class="fa fa-fw fa-mobile-alt text-secondary mr-2"></i><?php echo formatPhoneNumber($contact_mobile); ?></div>
                     <?php } ?>
                 
                 </div>
diff --git a/asset_details.php b/asset_details.php
index ca4eaf2e..632c87b2 100644
--- a/asset_details.php
+++ b/asset_details.php
@@ -34,8 +34,8 @@ if (isset($_GET['asset_id'])) {
     $asset_model = nullable_htmlentities($row['asset_model']);
     $asset_serial = nullable_htmlentities($row['asset_serial']);
     $asset_os = nullable_htmlentities($row['asset_os']);
-    $asset_uri = nullable_htmlentities($row['asset_uri']);
-    $asset_uri_2 = nullable_htmlentities($row['asset_uri_2']);
+    $asset_uri = sanitize_url($row['asset_uri']);
+    $asset_uri_2 = sanitize_url($row['asset_uri_2']);
     $asset_status = nullable_htmlentities($row['asset_status']);
     $asset_purchase_reference = nullable_htmlentities($row['asset_purchase_reference']);
     $asset_purchase_date = nullable_htmlentities($row['asset_purchase_date']);
@@ -283,19 +283,19 @@ if (isset($_GET['asset_id'])) {
                 </div>
                 <div class="card-body">
                     <?php if ($asset_ip) { ?>
-                        <div><i class="fa fa-fw fa-globe text-secondary mr-3"></i><?php echo $asset_ip; ?></div>
+                        <div><i class="fa fa-fw fa-globe text-secondary mr-2"></i><?php echo $asset_ip; ?></div>
                     <?php } ?>
                     <?php if ($asset_nat_ip) { ?>
-                        <div class="mt-2"><i class="fa fa-fw fa-random text-secondary mr-3"></i><?php echo $asset_nat_ip; ?></div>
+                        <div class="mt-2"><i class="fa fa-fw fa-random text-secondary mr-2"></i><?php echo $asset_nat_ip; ?></div>
                     <?php }
                     if ($asset_mac) { ?>
-                        <div class="mt-2"><i class="fa fa-fw fa-ethernet text-secondary mr-3"></i><?php echo $asset_mac; ?></div>
+                        <div class="mt-2"><i class="fa fa-fw fa-ethernet text-secondary mr-2"></i><?php echo $asset_mac; ?></div>
                     <?php }
                     if ($asset_uri) { ?>
-                        <div class="mt-2"><i class="fa fa-fw fa-link text-secondary mr-3"></i><a href="<?php echo $asset_uri; ?>" target="_blank">Link</a></div>
+                        <div class="mt-2"><i class="fa fa-fw fa-link text-secondary mr-2"></i><a href="<?php echo $asset_uri; ?>" target="_blank"><?php echo truncate($asset_uri, 20); ?></a></div>
                     <?php }
                     if ($asset_uri_2) { ?>
-                        <div class="mt-2"><i class="fa fa-fw fa-link text-secondary mr-3"></i><a href="<?php echo $asset_uri_2; ?>" target="_blank">Link 2</a></div>
+                        <div class="mt-2"><i class="fa fa-fw fa-link text-secondary mr-2"></i><a href="<?php echo $asset_uri_2; ?>" target="_blank"><?php echo truncate($asset_uri_2, 20); ?></a></div>
                     <?php } ?>
                 </div>
             </div>
@@ -307,19 +307,19 @@ if (isset($_GET['asset_id'])) {
                 </div>
                 <div class="card-body">
                     <?php if ($location_name) { ?>
-                        <div><i class="fa fa-fw fa-map-marker-alt text-secondary mr-3"></i><?php echo $location_name_display; ?></div>
+                        <div><i class="fa fa-fw fa-map-marker-alt text-secondary mr-2"></i><?php echo $location_name_display; ?></div>
                     <?php }
                     if ($contact_name) { ?>
-                        <div class="mt-2"><i class="fa fa-fw fa-user text-secondary mr-3"></i><?php echo $contact_name_display; ?></div>
+                        <div class="mt-2"><i class="fa fa-fw fa-user text-secondary mr-2"></i><?php echo $contact_name_display; ?></div>
                     <?php }
                     if ($contact_email) { ?>
-                        <div class="mt-2"><i class="fa fa-fw fa-envelope text-secondary mr-3"></i><a href='mailto:<?php echo $contact_email; ?>'><?php echo $contact_email; ?></a><button class='btn btn-sm clipboardjs' data-clipboard-text='<?php echo $contact_email; ?>'><i class='far fa-copy text-secondary'></i></button></div>
+                        <div class="mt-2"><i class="fa fa-fw fa-envelope text-secondary mr-2"></i><a href='mailto:<?php echo $contact_email; ?>'><?php echo $contact_email; ?></a><button class='btn btn-sm clipboardjs' data-clipboard-text='<?php echo $contact_email; ?>'><i class='far fa-copy text-secondary'></i></button></div>
                     <?php }
                     if ($contact_phone) { ?>
-                        <div class="mt-2"><i class="fa fa-fw fa-phone text-secondary mr-3"></i><?php echo formatPhoneNumber($contact_phone); echo " $contact_extension"; ?></div>
+                        <div class="mt-2"><i class="fa fa-fw fa-phone text-secondary mr-2"></i><?php echo formatPhoneNumber($contact_phone); echo " $contact_extension"; ?></div>
                     <?php }
                     if ($contact_mobile) { ?>
-                        <div class="mt-2"><i class="fa fa-fw fa-mobile-alt text-secondary mr-3"></i><?php echo formatPhoneNumber($contact_mobile); ?></div>
+                        <div class="mt-2"><i class="fa fa-fw fa-mobile-alt text-secondary mr-2"></i><?php echo formatPhoneNumber($contact_mobile); ?></div>
                     <?php } ?>
                 
                 </div>
diff --git a/assets.php b/assets.php
index bdbb6112..a74df2b8 100644
--- a/assets.php
+++ b/assets.php
@@ -486,8 +486,8 @@ if (mysqli_num_rows($os_sql) > 0) {
                         $asset_ipv6 = nullable_htmlentities($row['interface_ipv6']);
                         $asset_nat_ip = nullable_htmlentities($row['interface_nat_ip']);
                         $asset_mac = nullable_htmlentities($row['interface_mac']);
-                        $asset_uri = nullable_htmlentities($row['asset_uri']);
-                        $asset_uri_2 = nullable_htmlentities($row['asset_uri_2']);
+                        $asset_uri = sanitize_url($row['asset_uri']);
+                        $asset_uri_2 = sanitize_url($row['asset_uri_2']);
                         $asset_status = nullable_htmlentities($row['asset_status']);
                         $asset_purchase_reference = nullable_htmlentities($row['asset_purchase_reference']);
                         $asset_purchase_date = nullable_htmlentities($row['asset_purchase_date']);
diff --git a/functions.php b/functions.php
index 1c1e9b6f..b440ef9e 100644
--- a/functions.php
+++ b/functions.php
@@ -1652,3 +1652,22 @@ function display_folder_options($parent_folder_id, $client_id, $folder_location
         display_folder_options($folder_id, $client_id, $folder_location, $indent + 1);
     }
 }
+
+function sanitize_url($url) {
+    $allowed = ['http', 'https', 'file', 'ftp', 'ftps', 'sftp', 'dav', 'webdav', 'caldav', 'carddav',  'ssh', 'telnet', 'smb', 'rdp', 'vnc', 'rustdesk', 'anydesk', 'connectwise', 'splashtop', 'sip', 'sips', 'ldap', 'ldaps'];
+    $parts = parse_url($url);
+    if (isset($parts['scheme']) && !in_array(strtolower($parts['scheme']), $allowed)) {
+        // Remove the scheme and colon
+        $pos = strpos($url, ':');
+        $without_scheme = $url;
+        if ($pos !== false) {
+            $without_scheme = substr($url, $pos + 1); // This keeps slashes (e.g. //pizza.com)
+        }
+        // Prepend 'unsupported://' (strip any leading slashes from $without_scheme to avoid triple slashes)
+        $unsupported = 'unsupported://' . ltrim($without_scheme, '/');
+        return htmlspecialchars($unsupported, ENT_QUOTES, 'UTF-8');
+    }
+
+    // Safe schemes: return escaped original URL
+    return htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
+}
\ No newline at end of file
diff --git a/includes/side_nav.php b/includes/side_nav.php
index 7d30cc8a..24c1f288 100644
--- a/includes/side_nav.php
+++ b/includes/side_nav.php
@@ -211,7 +211,7 @@
 
                 while ($row = mysqli_fetch_array($sql_custom_links)) {
                     $custom_link_name = nullable_htmlentities($row['custom_link_name']);
-                    $custom_link_uri = nullable_htmlentities($row['custom_link_uri']);
+                    $custom_link_uri = sanitize_url($row['custom_link_uri']);
                     $custom_link_icon = nullable_htmlentities($row['custom_link_icon']);
                     $custom_link_new_tab = intval($row['custom_link_new_tab']);
                     if ($custom_link_new_tab == 1) {
diff --git a/includes/top_nav.php b/includes/top_nav.php
index 45aeaa88..944cd3c2 100644
--- a/includes/top_nav.php
+++ b/includes/top_nav.php
@@ -36,7 +36,7 @@
 
         while ($row = mysqli_fetch_array($sql_custom_links)) {
             $custom_link_name = nullable_htmlentities($row['custom_link_name']);
-            $custom_link_uri = nullable_htmlentities($row['custom_link_uri']);
+            $custom_link_uri = sanitize_url($row['custom_link_uri']);
             $custom_link_icon = nullable_htmlentities($row['custom_link_icon']);
             $custom_link_new_tab = intval($row['custom_link_new_tab']);
             if ($custom_link_new_tab == 1) {