diff --git a/link.module b/link.module
index 84ff298..7032ec0 100644
--- a/link.module
+++ b/link.module
@@ -530,19 +530,36 @@ function _link_sanitize(&$item, $delta, &$field, $instance, &$entity) {
   $url_parts = _link_parse_url($url);
 
   if (!empty($url_parts['url'])) {
-    $item['url'] = url($url_parts['url'],
-      array('query' => isset($url_parts['query']) ? $url_parts['query'] : NULL,
-      'fragment' => isset($url_parts['fragment']) ? $url_parts['fragment'] : NULL,
-      'absolute' => !empty($instance['settings']['absolute_url']),
-      'html' => TRUE,
-      )
-    );
+    if ($type === LINK_EXTERNAL) {
+      // Touch external links as little as possible because external sites can
+      // have very weird URL query parameters. Therefore we cannot use
+      // $url_parts.
+      if (drupal_validate_utf8($url)) {
+        $item['url'] = drupal_strip_dangerous_protocols($url);
+      }
+      else {
+        // Invalid UTF-8, so there is nothing we can do.
+        $item['url'] = '';
+      }
+    }
+    else {
+      $item['url'] = url($url_parts['url'],
+        array('query' => isset($url_parts['query']) ? $url_parts['query'] : NULL,
+        'fragment' => isset($url_parts['fragment']) ? $url_parts['fragment'] : NULL,
+        'absolute' => !empty($instance['settings']['absolute_url']),
+        'html' => TRUE,
+        )
+      );
+    }
   }
 
   // Create a shortened URL for display.
   if ($type == LINK_EMAIL) {
     $display_url = str_replace('mailto:', '', $url);
   }
+  elseif ($type === LINK_EXTERNAL) {
+    $display_url = $item['url'];
+  }
   else {
     $display_url = url($url_parts['url'],
       array(