diff --git a/src/routes/postSkipSegments.ts b/src/routes/postSkipSegments.ts
index 492e5dc..e871c15 100644
--- a/src/routes/postSkipSegments.ts
+++ b/src/routes/postSkipSegments.ts
@@ -324,6 +324,15 @@ function checkInvalidFields(videoID: any, userID: any, segments: Array): Ch
 if (!Array.isArray(segments) || segments.length < 1) {
 invalidFields.push("segments");
 }
+ // validate start and end times (no : marks)
+ for (const segmentPair of segments) {
+ const startTime = segmentPair.segment[0];
+ const endTime = segmentPair.segment[1];
+ if ((typeof startTime === "string" && startTime.includes(":")) ||
+ (typeof endTime === "string" && endTime.includes(":"))) {
+ invalidFields.push("segment time");
+ }
+ }
 
 if (invalidFields.length !== 0) {
 // invalid request
diff --git a/test/cases/postSkipSegments.ts b/test/cases/postSkipSegments.ts
index b6643c2..de502e1 100644
--- a/test/cases/postSkipSegments.ts
+++ b/test/cases/postSkipSegments.ts
@@ -987,4 +987,26 @@ describe("postSkipSegments", () => {
 })
 .catch(err => done(err));
 });
+
+ it("Should not be able to submit with colons in timestamps", (done: Done) => {
+ fetch(`${getbaseURL()}/api/postVideoSponsorTimes`, {
+ method: "POST",
+ headers: {
+ "Content-Type": "application/json"
+ },
+ body: JSON.stringify({
+ userID: "testtesttesttesttesttesttesttesttest",
+ videoID: "colon-1",
+ segments: [{
+ segment: ["0:2.000", "3:10.392"],
+ category: "sponsor",
+ }]
+ }),
+ })
+ .then(async res => {
+ assert.strictEqual(res.status, 400);
+ done();
+ })
+ .catch(err => done(err));
+ });
 });
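Review bot: The new loop dereferences `segmentPair.segment[0]` without first confirming that `segments` is an array or that each entry carries a `segment` array; the `Array.isArray(segments)` check just above only pushes onto `invalidFields` and does not return, so a request body with `segments` missing, or with an entry that lacks `segment`, throws a TypeError on the `for (const segmentPair of segments)` line instead of being reported as an invalid field. Because `segments` is typed `any` and arrives from the request, the loop and the per-entry access should both be guarded, and the duplicated `typeof … === "string" && ….includes(":")` expression can be folded into one local helper. checkInvalidFields begins and ends outside the hunk, so the return path after the `invalidFields.length` check is not visible here.
```typescript
    // validate start and end times (no : marks)
    if (Array.isArray(segments)) {
        for (const segmentPair of segments) {
            const times = segmentPair && Array.isArray(segmentPair.segment) ? segmentPair.segment : [];
            const hasColon = (t: unknown) => typeof t === "string" && t.includes(":");
            if (hasColon(times[0]) || hasColon(times[1])) {
                invalidFields.push("segment time");
            }
        }
    }
    // … unchanged: invalidFields.length check and invalid-request response …
```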
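Review bot: The new test places a colon in both the start and the end time, so a passing 400 does not show that each position is checked independently; a second case with a colon in only one of the two values (a constructed example: `segment: ["0:2.000", "10.392"]`) would pin both halves of the server-side condition. The `async` on `.then(async res => { … })` is unnecessary since the callback awaits nothing and can be written as `.then(res => {`. The enclosing describe block starts outside the hunk.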