diff --git a/autotests/ktexttohtmltest.cpp b/autotests/ktexttohtmltest.cpp
index 474f0ca..8fc0c56 100644
--- a/autotests/ktexttohtmltest.cpp
+++ b/autotests/ktexttohtmltest.cpp
@@ -30,6 +30,15 @@ QTEST_MAIN(KTextToHTMLTest)
 
 Q_DECLARE_METATYPE(KTextToHTML::Options)
 
+#ifndef Q_OS_WIN
+void initLocale()
+{
+    setenv("LC_ALL", "en_US.utf-8", 1);
+}
+Q_CONSTRUCTOR_FUNCTION(initLocale)
+#endif
+
+
 void KTextToHTMLTest::testGetEmailAddress()
 {
     // empty input
@@ -372,6 +381,11 @@ void KTextToHTMLTest::testHtmlConvert_data()
     QTest::newRow("url-in-parenthesis-3") << "bla (http://www.kde.org - section 5.2)"
                                           << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
                                           << "bla (<a href=\"http://www.kde.org\">http://www.kde.org</a> - section 5.2)";
+    
+   // Fix url as foo <<url> <url>> when we concatened them.
+   QTest::newRow("url-with-url") << "foo <http://www.kde.org/ <http://www.kde.org/>>"
+                               << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
+                               << "foo &lt;<a href=\"http://www.kde.org/ \">http://www.kde.org/ </a>&lt;<a href=\"http://www.kde.org/\">http://www.kde.org/</a>&gt;&gt;";
 }
 
 
diff --git a/src/lib/text/ktexttohtml.cpp b/src/lib/text/ktexttohtml.cpp
index b5e1bda..c70d062 100644
--- a/src/lib/text/ktexttohtml.cpp
+++ b/src/lib/text/ktexttohtml.cpp
@@ -228,11 +228,19 @@ QString KTextToHTMLHelper::getUrl()
 
         url.reserve(mMaxUrlLen);    // avoid allocs
         int start = mPos;
+        bool previousCharIsSpace = false;
         while ((mPos < mText.length()) &&
                 (mText[mPos].isPrint() || mText[mPos].isSpace()) &&
                 ((afterUrl.isNull() && !mText[mPos].isSpace()) ||
                  (!afterUrl.isNull() && mText[mPos] != afterUrl))) {
-            if (!mText[mPos].isSpace()) {     // skip whitespace
+            if (mText[mPos].isSpace()) {
+                previousCharIsSpace = true;
+            } else { // skip whitespace
+                if (previousCharIsSpace && mText[mPos] == QLatin1Char('<')) {
+                    url.append(QLatin1Char(' '));
+                    break;
+                }
+                previousCharIsSpace = false;
                 url.append(mText[mPos]);
                 if (url.length() > mMaxUrlLen) {
                     break;
@@ -267,7 +275,6 @@ QString KTextToHTMLHelper::getUrl()
             }
         } while (url.length() > 1);
     }
-
     return url;
 }
 
@@ -334,6 +341,7 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML::
     QChar ch;
     int x;
     bool startOfLine = true;
+    //qDebug()<<" plainText"<<plainText;
 
     for (helper.mPos = 0, x = 0; helper.mPos < helper.mText.length();
             ++helper.mPos, ++x) {
@@ -402,6 +410,7 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML::
             const int start = helper.mPos;
             if (!(flags & IgnoreUrls)) {
                 str = helper.getUrl();
+                //qDebug()<<" str"<<str;
                 if (!str.isEmpty()) {
                     QString hyperlink;
                     if (str.left(4) == QLatin1String("www.")) {
@@ -455,6 +464,7 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML::
 
         result = helper.emoticonsInterface()->parseEmoticons(result, true, exclude);
     }
+    //qDebug()<<" result "<<result;
 
     return result;
 }
diff --git a/autotests/ktexttohtmltest.cpp b/autotests/ktexttohtmltest.cpp
index 8fc0c56..c5690e8 100644
--- a/autotests/ktexttohtmltest.cpp
+++ b/autotests/ktexttohtmltest.cpp
@@ -386,6 +386,12 @@ void KTextToHTMLTest::testHtmlConvert_data()
    QTest::newRow("url-with-url") << "foo <http://www.kde.org/ <http://www.kde.org/>>"
                                << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
                                << "foo &lt;<a href=\"http://www.kde.org/ \">http://www.kde.org/ </a>&lt;<a href=\"http://www.kde.org/\">http://www.kde.org/</a>&gt;&gt;";
+
+   //Fix url exploit
+   QTest::newRow("url-exec-html") << "https://\"><!--"
+                               << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
+                               << "https://\"><!--";
+
 }
 
 
diff --git a/src/lib/text/ktexttohtml.cpp b/src/lib/text/ktexttohtml.cpp
index c70d062..97c5eab 100644
--- a/src/lib/text/ktexttohtml.cpp
+++ b/src/lib/text/ktexttohtml.cpp
@@ -156,7 +156,6 @@ bool KTextToHTMLHelper::atUrl()
              (allowedSpecialChars.indexOf(mText[mPos - 1]) != -1))) {
         return false;
     }
-
     QChar ch = mText[mPos];
     return
         (ch == QLatin1Char('h') && (mText.mid(mPos, 7) == QLatin1String("http://") ||
@@ -192,7 +191,7 @@ bool KTextToHTMLHelper::isEmptyUrl(const QString &url)
            url == QLatin1String("news://");
 }
 
-QString KTextToHTMLHelper::getUrl()
+QString KTextToHTMLHelper::getUrl(bool *badurl)
 {
     QString url;
     if (atUrl()) {
@@ -229,6 +228,7 @@ QString KTextToHTMLHelper::getUrl()
         url.reserve(mMaxUrlLen);    // avoid allocs
         int start = mPos;
         bool previousCharIsSpace = false;
+        bool previousCharIsADoubleQuote = false;
         while ((mPos < mText.length()) &&
                 (mText[mPos].isPrint() || mText[mPos].isSpace()) &&
                 ((afterUrl.isNull() && !mText[mPos].isSpace()) ||
@@ -241,6 +241,18 @@ QString KTextToHTMLHelper::getUrl()
                     break;
                 }
                 previousCharIsSpace = false;
+                if (mText[mPos] == QLatin1Char('>') && previousCharIsADoubleQuote) {
+                    //it's an invalid url
+                    if (badurl) {
+                        *badurl = true;
+                    }
+                    return QString();
+                }
+                if (mText[mPos] == QLatin1Char('"')) {
+                    previousCharIsADoubleQuote = true;
+                } else {
+                    previousCharIsADoubleQuote = false;
+                }
                 url.append(mText[mPos]);
                 if (url.length() > mMaxUrlLen) {
                     break;
@@ -341,7 +353,6 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML::
     QChar ch;
     int x;
     bool startOfLine = true;
-    //qDebug()<<" plainText"<<plainText;
 
     for (helper.mPos = 0, x = 0; helper.mPos < helper.mText.length();
             ++helper.mPos, ++x) {
@@ -409,8 +420,11 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML::
         } else {
             const int start = helper.mPos;
             if (!(flags & IgnoreUrls)) {
-                str = helper.getUrl();
-                //qDebug()<<" str"<<str;
+                bool badUrl = false;
+                str = helper.getUrl(&badUrl);
+                if (badUrl) {
+                    return helper.mText;
+                }
                 if (!str.isEmpty()) {
                     QString hyperlink;
                     if (str.left(4) == QLatin1String("www.")) {
@@ -464,7 +478,6 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML::
 
         result = helper.emoticonsInterface()->parseEmoticons(result, true, exclude);
     }
-    //qDebug()<<" result "<<result;
 
     return result;
 }
diff --git a/src/lib/text/ktexttohtml_p.h b/src/lib/text/ktexttohtml_p.h
index 74ad7a0..fc43613 100644
--- a/src/lib/text/ktexttohtml_p.h
+++ b/src/lib/text/ktexttohtml_p.h
@@ -49,7 +49,7 @@ public:
     QString getEmailAddress();
     bool atUrl();
     bool isEmptyUrl(const QString &url);
-    QString getUrl();
+    QString getUrl(bool *badurl = Q_NULLPTR);
     QString pngToDataUrl(const QString &pngPath);
     QString highlightedText();