From bbbd3abf06e45a3fa57c4aa987d87f1873eb11d6 Mon Sep 17 00:00:00 2001
From: Lauri Ojansivu
Date: Thu, 16 Oct 2025 17:47:59 +0300
Subject: [PATCH] Try to fix Broken Hyperlinks in Markdown to HTML conversion. Thanks to xet7 ! Fixes #5932
---
 packages/markdown/src/secureDOMPurify.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/packages/markdown/src/secureDOMPurify.js b/packages/markdown/src/secureDOMPurify.js
index 4deee4d23..6eb801b9c 100644
--- a/packages/markdown/src/secureDOMPurify.js
+++ b/packages/markdown/src/secureDOMPurify.js
@@ -14,7 +14,7 @@ export function getSecureDOMPurifyConfig() {
 ],
 // Block dangerous attributes that can cause XSS and CSS injection
 FORBID_ATTR: [
- 'xlink:href', 'href', 'onload', 'onerror', 'onclick', 'onmouseover',
+ 'xlink:href', 'onload', 'onerror', 'onclick', 'onmouseover',
 'onfocus', 'onblur', 'onchange', 'onsubmit', 'onreset', 'onselect',
 'onunload', 'onresize', 'onscroll', 'onkeydown', 'onkeyup', 'onkeypress',
 'onmousedown', 'onmouseup', 'onmouseover', 'onmouseout', 'onmousemove',
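Review bot: With `'href'` removed from `FORBID_ATTR`, nothing in this hunk says which URL schemes a link may carry, so link safety now rests on DOMPurify's URI filtering and on config keys that sit outside the hunk (`getSecureDOMPurifyConfig()` starts and ends beyond it). Please confirm the returned config does not set `ALLOW_UNKNOWN_PROTOCOLS` and does not loosen `ALLOWED_URI_REGEXP`. I would record that dependency next to the list, e.g. `// href is allowed so Markdown links render; scheme filtering relies on DOMPurify's ALLOWED_URI_REGEXP, keep ALLOW_UNKNOWN_PROTOCOLS off`. A regression test that sanitizes a Markdown link with a script-scheme URL and asserts the `href` is stripped would keep this from silently regressing. Separately, `'onmouseover'` appears twice in the visible list (first line and the `'onmousedown'` line); the duplicate is harmless but could be dropped.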