diff --git a/packages/markdown/src/secureDOMPurify.js b/packages/markdown/src/secureDOMPurify.js
index 4deee4d23..6eb801b9c 100644
--- a/packages/markdown/src/secureDOMPurify.js
+++ b/packages/markdown/src/secureDOMPurify.js
@@ -14,7 +14,7 @@ export function getSecureDOMPurifyConfig() {
 ],
 // Block dangerous attributes that can cause XSS and CSS injection
 FORBID_ATTR: [
- 'xlink:href', 'href', 'onload', 'onerror', 'onclick', 'onmouseover',
+ 'xlink:href', 'onload', 'onerror', 'onclick', 'onmouseover',
 'onfocus', 'onblur', 'onchange', 'onsubmit', 'onreset', 'onselect',
 'onunload', 'onresize', 'onscroll', 'onkeydown', 'onkeyup', 'onkeypress',
 'onmousedown', 'onmouseup', 'onmouseover', 'onmouseout', 'onmousemove',
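Review bot: With `'href'` dropped from `FORBID_ATTR`, the safety of link targets in rendered markdown rests entirely on DOMPurify's URI scheme filtering, and nothing visible in this hunk pins that down. The rest of `getSecureDOMPurifyConfig()` lies outside the hunk, so please confirm it does not set `ALLOW_UNKNOWN_PROTOCOLS: true`, and consider an explicit `ALLOWED_URI_REGEXP` limited to the schemes the app needs (for example `https?`, `mailto` and relative paths) so `javascript:` and `data:` targets stay rejected regardless of library defaults. A comment above the list such as `// href is allowed for markdown links; scheme filtering is enforced via ALLOWED_URI_REGEXP` would record why the attribute is no longer forbidden, and a regression test asserting that a `javascript:` link loses its `href` after sanitising would keep this from regressing. Separately, `'onmouseover'` appears twice in the array (on the changed line and again in the last visible context line).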