diff --git a/core/modules/link/src/Plugin/Field/FieldFormatter/LinkFormatter.php b/core/modules/link/src/Plugin/Field/FieldFormatter/LinkFormatter.php
index 75a46fa4aa..cce847506a 100644
--- a/core/modules/link/src/Plugin/Field/FieldFormatter/LinkFormatter.php
+++ b/core/modules/link/src/Plugin/Field/FieldFormatter/LinkFormatter.php
@@ -178,6 +178,11 @@ public function viewElements(FieldItemListInterface $items, $langcode) {
       $url = $this->buildUrl($item);
       $link_title = $url->toString();
 
+      // If the external URL starts with '//', trim it.
+      if ($url->isExternal() && (strpos($url->getUri(), '//') === 0)) {
+        $link_title = ltrim($link_title, '//');
+      }
+
       // If the title field value is available, use it for the link text.
       if (empty($settings['url_only']) && !empty($item->title)) {
         // Unsanitized token replacement here because the entire link title
diff --git a/core/modules/link/src/Plugin/Validation/Constraint/LinkExternalProtocolsConstraintValidator.php b/core/modules/link/src/Plugin/Validation/Constraint/LinkExternalProtocolsConstraintValidator.php
index 9484173918..0305fde247 100644
--- a/core/modules/link/src/Plugin/Validation/Constraint/LinkExternalProtocolsConstraintValidator.php
+++ b/core/modules/link/src/Plugin/Validation/Constraint/LinkExternalProtocolsConstraintValidator.php
@@ -25,8 +25,17 @@ public function validate($value, Constraint $constraint) {
         return;
       }
       // Disallow external URLs using untrusted protocols.
-      if ($url->isExternal() && !in_array(parse_url($url->getUri(), PHP_URL_SCHEME), UrlHelper::getAllowedProtocols())) {
-        $this->context->addViolation($constraint->message, ['@uri' => $value->uri]);
+      if ($url->isExternal()) {
+        $allowed_protocols = UrlHelper::getAllowedProtocols();
+        $parsed_url = parse_url($url->getUri(), PHP_URL_SCHEME);
+        $has_untrusted_protocol = !in_array($parsed_url, $allowed_protocols);
+
+        // Protocol-relative URLs start with '//'.
+        $not_protocol_relative = strpos($url->getUri(), '//') !== 0;
+
+        if ($not_protocol_relative && $has_untrusted_protocol) {
+          $this->context->addViolation($constraint->message, ['@uri' => $value->uri]);
+        }
       }
     }
   }
diff --git a/core/modules/link/tests/src/Unit/Plugin/Validation/Constraint/LinkExternalProtocolsConstraintValidatorTest.php b/core/modules/link/tests/src/Unit/Plugin/Validation/Constraint/LinkExternalProtocolsConstraintValidatorTest.php
index 506a49de8d..27a874cbac 100644
--- a/core/modules/link/tests/src/Unit/Plugin/Validation/Constraint/LinkExternalProtocolsConstraintValidatorTest.php
+++ b/core/modules/link/tests/src/Unit/Plugin/Validation/Constraint/LinkExternalProtocolsConstraintValidatorTest.php
@@ -57,7 +57,8 @@ public function providerValidate() {
     $data[] = ['https://www.drupal.org', TRUE];
     // cSpell:disable-next-line
     $data[] = ['magnet:?xt=urn:sha1:YNCKHTQCWBTRNJIV4WNAE52SJUQCZO5C', TRUE];
-
+    // Protocol-relative URL.
+    $data[] = ['//www.drupal.org', TRUE];
     // Invalid protocols.
     $data[] = ['ftp://ftp.funet.fi/pub/standards/RFC/rfc959.txt', FALSE];