diff --git a/express/code/scripts/utils.js b/express/code/scripts/utils.js
index 1782898c8..a63c7dc24 100644
--- a/express/code/scripts/utils.js
+++ b/express/code/scripts/utils.js
@@ -20,6 +20,7 @@ export const [setLibs, getLibs] = (() => {
         const { hostname, search } = location || window.location;
         if (!['.aem.', '.hlx.', '.stage.', 'local', '.da.'].some((i) => hostname.includes(i))) return prodLibs;
         const branch = new URLSearchParams(search).get('milolibs') || 'main';
+        if (!/^[a-zA-Z0-9_-]+$/.test(branch)) throw new Error('Invalid branch name.');
         if (branch === 'local') return 'http://localhost:6456/libs';
         if (branch === 'main' && hostname.includes('.stage.')) return '/libs';
         return branch.includes('--') ? `https://${branch}.aem.live/libs` : `https://${branch}--milo--adobecom.aem.live/libs`;