diff --git a/globalredirect.module b/globalredirect.module
index 1e6ef7f..430f680 100644
--- a/globalredirect.module
+++ b/globalredirect.module
@@ -152,7 +152,13 @@ function globalredirect_init() {
 
     // If no alias was returned, the final check is to direct non-clean to clean - if clean is enabled
     if ((variable_get('globalredirect_nonclean2clean', GLOBALREDIRECT_NONCLEAN2CLEAN_ENABLED) == GLOBALREDIRECT_NONCLEAN2CLEAN_ENABLED) && ((bool)variable_get('clean_url', 0)) && strpos(request_uri(), '?q=')) {
-      drupal_goto($request, $query_string, NULL, 301);
+
+      // Do not redirect to an absolute URL originating from user input.
+      $colonpos = strpos($request, ':');
+      $absolute = ($colonpos !== FALSE && !preg_match('![/?#]!', substr($request, 0, $colonpos)));
+      if (!$absolute) {
+        drupal_goto($request, $query_string, NULL, 301);
+      }
     }
 
     // Restore the destination from earlier so its available in other places.