diff --git a/js/lib/urlutil.js b/js/lib/urlutil.js
index d4da43216e6..a2ebc9185ce 100644
--- a/js/lib/urlutil.js
+++ b/js/lib/urlutil.js
@@ -214,7 +214,7 @@ const UrlUtil = {
 isPotentialPhishingUrl: function (url) {
 if (typeof url !== 'string') { return false }
 const protocol = urlParse(url.trim().toLowerCase()).protocol
- return ['data:', 'blob:', 'javascript:'].includes(protocol)
+ return ['data:', 'blob:'].includes(protocol)
 },
 /**
diff --git a/test/unit/lib/urlutilTest.js b/test/unit/lib/urlutilTest.js
index 60233be594c..96a7644cf19 100644
--- a/test/unit/lib/urlutilTest.js
+++ b/test/unit/lib/urlutilTest.js
@@ -281,11 +281,8 @@ describe('urlutil', function () {
 it('returns true if input is a data URL', function () {
 assert.equal(UrlUtil.isPotentialPhishingUrl('data:text/html,'), true)
 })
- it('returns true if input is a js URL', function () {
- assert.equal(UrlUtil.isPotentialPhishingUrl(' JAVASCRIPT:alert(1)'), true)
- })
 it('returns true if input is a blob URL', function () {
- assert.equal(UrlUtil.isPotentialPhishingUrl(' blob:foo '), true)
+ assert.equal(UrlUtil.isPotentialPhishingUrl(' BLOB:foo '), true)
 })
 })
 })
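Review bot: The scheme list on the `return` line of `isPotentialPhishingUrl` no longer contains `javascript:`, and nothing in the hunk records why or where that scheme is handled instead. Callers presumably use this predicate to decide how a URL is shown or loaded, so a reader cannot tell whether the omission is deliberate or a regression. A comment above the `return` would settle it, for example `// javascript: is intentionally not flagged here; it is handled in <PLACEHOLDER: caller or module>`. The function's doc comment sits above the hunk and is not visible, so it may also need updating if it still names javascript: URLs.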
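Review bot: The js URL case is deleted from the `isPotentialPhishingUrl` tests rather than inverted, so no assertion pins the new behaviour for `javascript:` input. If the scheme is later put back in the list, or dropped by accident elsewhere, the suite will not notice. I would keep the case with the expectation flipped, i.e. an `it('returns false if input is a js URL', ...)` containing `assert.equal(UrlUtil.isPotentialPhishingUrl(' JAVASCRIPT:alert(1)'), false)`. The switch to `' BLOB:foo '` keeps the case-folding and trimming coverage that the removed test provided, which is fine.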