Tel, mailto, sms link been santized


I want to make a query to show customer’s feedbacks together with their cellphone numbers so the staff can communicate with them.

to make the process more efficient, i concat the hyperlink block like <a href="tel:xxxxxxxx">name</a>, but the href is always missing in the webpage (but preserved in the downloaded dataset).

after further investigation, i found the code which is responsible for that:


which i should at least add tel, sms, mailto, what do you think?


I’m not sure what precisely the setting REDASH_ALLOW_SCRIPTS_IN_USER_INPUT does, but it might help with what you are looking for.



As I checked code, REDASH_ALLOW_SCRIPTS_IN_USER_INPUT only matters where the markdown renders, nothing to do with the html tag in the result.

as @arikfr mentioned above, I made a pull request and has been merged into the master already, the issue has been solved.