diff --git a/app/controllers/oer/mymaterial.php b/app/controllers/oer/mymaterial.php
index 57eace096e8ba33fe2d1918c1200c467631985c2..7d3271842649bd3a4b34736ea4749f4cfb995fa4 100644
--- a/app/controllers/oer/mymaterial.php
+++ b/app/controllers/oer/mymaterial.php
@@ -36,7 +36,12 @@ class Oer_MymaterialController extends AuthenticatedController
 } elseif (Request::isPost()) {
 $was_new = $material->isNew();
 $was_on_twillo = (bool) $material['published_id_on_twillo'];
- $material->setData(Request::getArray('data'));
+ $data = Request::getArray('data');
+ $material->setData($data);
+ if ($data['player_url'] && !$material->hasValidPreviewUrl()) {
+ PageLayout::postWarning(_('Die angegebene URL muss mit http(s) beginnen.'));
+ $material->player_url = '';
+ }
 $material['host_id'] = null;
 $material['license_identifier'] = Request::get('license', 'CC-BY-SA-4.0');
 if (!empty($_FILES['file']['tmp_name'])) {
diff --git a/app/views/oer/embed/url.php b/app/views/oer/embed/url.php
index 2c9af801c95fa1c4058d06cb9a0ec21866afb883..1b40d2404cd40eb1156465235f9d9162a79cb87f 100644
--- a/app/views/oer/embed/url.php
+++ b/app/views/oer/embed/url.php
@@ -5,7 +5,8 @@ if ($material['player_url']) {
 }
 $htmlid = "oercampus_".$material->id."_".uniqid();
 ?>
-<iframe id='<?= $htmlid ?>'
+<iframe sandbox="allow-forms allow-popups allow-pointer-lock allow-same-origin allow-scripts"
+ id='<?= $htmlid ?>'
 src="<?= htmlReady($url) ?>"
 style="width: 100%; height: 70vh; border: none;"></iframe>
 <?= $this->render_partial("oer/embed/_link") ?>
diff --git a/app/views/oer/market/details.php b/app/views/oer/market/details.php
index 78deb86a8292d344c6d8a9ff2389ce1f093d45ea..6ec8378eae47fe207b9077775f2132e64a3a7ff1 100644
--- a/app/views/oer/market/details.php
+++ b/app/views/oer/market/details.php
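Review bot: `$data['player_url']` on the added `if` line is read without a guard, so a POST whose `data` array does not carry that key raises an "Undefined array key" warning on PHP 8 before `hasValidPreviewUrl()` is even reached; `if (!empty($data['player_url']) && !$material->hasValidPreviewUrl()) {` keeps the same truthiness semantics without the warning. Note that `setData($data)` has already applied the rejected value by then, so clearing `$material->player_url` afterwards is what actually keeps it out of the record — worth a one-line comment above the `if`, e.g. `// reject non-http(s) preview URLs after mass assignment so they never reach the iframe src`. The enclosing action method starts and ends outside the hunk.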
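Review bot: The template still gates on `if ($material['player_url']) {` (visible in the hunk header) while the callers that open it now use `$material->hasValidPreviewUrl()`, so a PDF material with a non-http(s) `player_url` would presumably still get `$url` replaced by the rejected value in the lines above the hunk; changing that line to `if ($material->hasValidPreviewUrl()) {` keeps it in step with details.php and OERMaterial.php. On the added `sandbox` attribute, `allow-scripts` together with `allow-same-origin` lets a framed document that is same-origin with this page remove its own sandbox, so the attribute only confines cross-origin players; a short comment stating that intent, e.g. `<?php /* sandbox confines external (cross-origin) players only; same-origin + scripts is not a boundary */ ?>`, would stop a later maintainer from relying on it for same-host URLs. The identical attribute string is duplicated in lib/models/OERMaterial.php.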
@@ -2,7 +2,7 @@
 <? $url = $material->getDownloadUrl() ?>
-<? if ($material['player_url']) : ?>
+<? if ($material->hasValidPreviewUrl()) : ?>
 <iframe src="<?= htmlReady($material['player_url']) ?>" class="lernmarktplatz_player"></iframe>
 <? OERDownloadcounter::addCounter($material->id) ?>
diff --git a/app/views/oer/mymaterial/edit.php b/app/views/oer/mymaterial/edit.php
index a9957ae4aa5e17a47d4a0341865d871bac5ff4bd..5d1238193f67a2d7072de3fe4cf0c26a33871bde 100644
--- a/app/views/oer/mymaterial/edit.php
+++ b/app/views/oer/mymaterial/edit.php
@@ -120,7 +120,7 @@
 <label>
 <?= _('Vorschau-URL (optional)') ?>
-<input type="text" name="data[player_url]"
+<input type="url" name="data[player_url]" pattern="^https?://.*"
 value="<?= htmlReady($material['player_url'] ?: $template['player_url'] ?? '') ?>">
 </label>
diff --git a/lib/models/OERMaterial.php b/lib/models/OERMaterial.php
index d72853faacd737539da422f473dc0e6e511b8c8c..a023ad1ed6ba38b10a7ecfde1130d02356baf01f 100644
--- a/lib/models/OERMaterial.php
+++ b/lib/models/OERMaterial.php
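Review bot: The context line `<iframe src="<?= htmlReady($material['player_url']) ?>" class="lernmarktplatz_player"></iframe>` gets no `sandbox` attribute, unlike the two iframes this commit hardens in app/views/oer/embed/url.php and lib/models/OERMaterial.php, so the details page embeds the same external player URL with fewer restrictions than the embed view. Adding the same attribute, `<iframe sandbox="allow-forms allow-popups allow-pointer-lock allow-same-origin allow-scripts" src="<?= htmlReady($material['player_url']) ?>" class="lernmarktplatz_player"></iframe>`, keeps the three embeds consistent. The hunk header counts seven old lines but fewer are visible here, so some lines of this hunk appear to be missing from the extraction.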
@@ -187,19 +187,19 @@ class OERMaterial extends SimpleORMap
 $url = $material->getDownloadUrl();
- if ($material['player_url'] || $material->isPDF()) {
- if ($material['player_url']) {
+ if ($material->hasValidPreviewUrl() || $material->isPDF()) {
+ if ($material->hasValidPreviewUrl()) {
 OERDownloadcounter::addCounter($material->id);
 $url = $material['player_url'];
 }
 $htmlid = "oercampus_".$material->id."_".uniqid();
- $output = "<iframe id='".$htmlid."' src=\"". htmlReady($url). "\" style=\"width: 100%; height: 70vh; border: none;\"></iframe>";
+ $output = "<iframe sandbox=\"allow-forms allow-popups allow-pointer-lock allow-same-origin allow-scripts\" id='".$htmlid."' src=\"". htmlReady($url). "\" style=\"width: 100%; height: 70vh; border: none;\"></iframe>";
 return $output;
 }
 $tf = new Flexi_TemplateFactory($GLOBALS['STUDIP_BASE_PATH']."/app/views");
- if ($material['player_url'] || $material->isPDF()) {
+ if ($material->hasValidPreviewUrl() || $material->isPDF()) {
 $template = $tf->open("oer/embed/url");
 } elseif ($material->isVideo()) {
 $template = $tf->open("oer/embed/video");
@@ -363,6 +363,24 @@ class OERMaterial extends SimpleORMap
 return (bool) $this['structure'];
 }
+ /**
+ * Checks the URL scheme of the preview URL (player_url).
+ * HTTP, HTTPS, Gopher and Gemini are supported schemes.
+ *
+ * @return bool True, if the URL scheme matches the allowced ones,
+ false otherwise.
+ */
+ public function hasValidPreviewUrl() : bool
+ {
+ if ($this->player_url) {
+ $scheme = parse_url($this->player_url, PHP_URL_SCHEME);
+ if (in_array($scheme, ['http', 'https'])) {
+ return true;
+ }
+ }
+ return false;
+ }
+
 public function isImage()
 {
 return stripos($this['content_type'], "image") === 0;
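Review bot: The early-return branch builds the iframe by string concatenation in the `$output = "<iframe sandbox=...` line while the branch below opens the `oer/embed/url` template that renders the same markup, and this commit had to patch the `sandbox` attribute in both copies; rendering the template in the early branch as well (handing it `$url` and `$material`) would leave a single place to maintain the embed markup. Whether the template path is reached with the same variables cannot be confirmed from the hunk, so treat this as a follow-up rather than a blocker. The enclosing method starts and ends outside the hunk.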
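Review bot: `hasValidPreviewUrl()` compares the scheme case-sensitively, and `parse_url()` returns it as written, so a URL such as `HTTPS://example.org/player` is rejected by `in_array($scheme, ['http', 'https'])` even though the controller tells the user the URL only has to start with http(s); normalise before comparing with `$scheme = strtolower((string) parse_url($this->player_url, PHP_URL_SCHEME));` and `if (in_array($scheme, ['http', 'https'], true)) {` (the cast also covers the `false`/`null` returns of `parse_url()`). The docblock states "HTTP, HTTPS, Gopher and Gemini are supported schemes" while the code accepts only http and https, and "allowced" is a typo; reword that line to `Only HTTP and HTTPS are accepted schemes; anything else (including javascript: and data:) is rejected.` so the documentation matches the check. The `@return` continuation line `false otherwise.` appears to have lost its leading ` *`, which will read oddly in generated docs.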