diff --git a/resources/static/test/cases/dialog/js/modules/dialog.js b/resources/static/test/cases/dialog/js/modules/dialog.js
index 052f05da04812b546db6305620948d3f5df232f7..ed9dfc8bf9ae25b225806b77849631b5c357723e 100644
--- a/resources/static/test/cases/dialog/js/modules/dialog.js
+++ b/resources/static/test/cases/dialog/js/modules/dialog.js
@@ -614,6 +614,23 @@
     });
   });
 
+  asyncTest("get with a scheme-relative siteLogo URL - not allowed", function() {
+    createController({
+      ready: function() {
+        mediator.subscribe("start", function(msg, info) {
+          ok(false, "start should not have been called");
+        });
+
+        var retval = controller.get(HTTPS_TEST_DOMAIN, {
+          siteLogo: "//example.com/image.png"
+        });
+
+        equal(retval, "must be an absolute path: (//example.com/image.png)", "expected error");
+        testErrorVisible();
+        start();
+      }
+    });
+  });
 
   asyncTest("get with returnTo with https - not allowed", function() {
     createController({
@@ -635,6 +652,24 @@
     });
   });
 
+  asyncTest("get with a scheme-relative returnTo URL - not allowed", function() {
+    createController({
+      ready: function() {
+        mediator.subscribe("start", function(msg, info) {
+          ok(false, "unexpected start");
+        });
+
+        var retval = controller.get(HTTP_TEST_DOMAIN, {
+          returnTo: '//example.com/return'
+        });
+
+        equal(retval, "must be an absolute path: (//example.com/return)", "expected error");
+        testErrorVisible();
+        start();
+      }
+    });
+  });
+
   asyncTest("get with absolute path returnTo - allowed", function() {
     createController({
       ready: function() {