diff --git a/repository/url/lib.php b/repository/url/lib.php
index a65a7fc5451..b46457ae00f 100644
--- a/repository/url/lib.php
+++ b/repository/url/lib.php
@@ -38,6 +38,10 @@ require_once(__DIR__.'/locallib.php');
 class repository_url extends repository {
 /** @var int Maximum time of recursion. */
 const MAX_RECURSION_TIME = 5;
+ /** @var int Maximum number of CSS imports. */
+ protected const MAX_CSS_IMPORTS = 10;
+ /** @var int CSS import counter. */
+ protected int $cssimportcounter = 0;
 var $processedfiles = array();
 /** @var int Recursion counter. */
 var $recursioncounter = 0;
@@ -134,8 +138,8 @@ EOD;
 // Avoid endless recursion for the same URL with same parameters.
 return;
 }
- // Remove the query string before check.
- $recursioncheckurl = preg_replace('/\?.*/', '', $url);
+ // Remove the query string and anchors before check.
+ $recursioncheckurl = (new moodle_url($url))->out_omit_querystring();
 if (in_array($recursioncheckurl, $this->processedfiles)) {
 $this->recursioncounter++;
 }
@@ -200,6 +204,11 @@ EOD;
 }
 if (!empty($urls['import'])) {
 foreach ($urls['import'] as $cssurl) {
+ // Limit the number of CSS imports to avoid infinite imports.
+ if ($this->cssimportcounter >= self::MAX_CSS_IMPORTS) {
+ return;
+ }
+ $this->cssimportcounter++;
 $this->parse_file($info['url'], $cssurl, $list);
 }
 }
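Review bot: The docblock on `$cssimportcounter` does not say over what scope the count runs. The property is set to 0 only at its declaration and none of the hunks in this patch resets it, so the `MAX_CSS_IMPORTS` budget appears to be per `repository_url` instance rather than per listing. If one instance can serve more than one listing (not visible here), later listings would start with part or all of the budget already spent. I would either reset it where a new listing begins or state the scope in the docblock, e.g. `/** @var int CSS imports followed so far by this instance (never reset). */`. The class body continues outside the hunk.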
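Review bot: `$recursioncheckurl` is now a `moodle_url`-normalised string, but it is still matched with `in_array()` against `$this->processedfiles`, and the line that appends to that array is outside the hunk. If the entries stored there are raw `$url` strings, the match only fires when the raw value happens to equal the normalised form, and that match is what drives the `recursioncounter` increment. `$url` presumably originates from fetched page content, so it is also worth confirming how the `moodle_url` constructor treats a malformed value at this point. A comment such as `// processedfiles entries must be in the same normalised form for this match to count.` would make the guard's assumption explicit.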
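Review bot: The `return;` added inside the `foreach` leaves the whole enclosing function once the cap is reached, not just the import loop, and it does so silently. The rest of the function is outside the hunk, so if anything follows the `if (!empty($urls['import']))` block it is skipped as well; `break;` would confine the limit to the loop. The counter is also incremented before `parse_file()` runs, so an import that `parse_file()` then drops as already processed would still use up budget, which is probably acceptable but deserves a comment. Logging at the cap, for example `debugging('CSS import limit reached', DEBUG_DEVELOPER);`, would help whoever has to diagnose a truncated listing.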