Tel, mailto, sms link been santized


#1

I want to make a query to show customer’s feedbacks together with their cellphone numbers so the staff can communicate with them.

to make the process more efficient, i concat the hyperlink block like <a href="tel:xxxxxxxx">name</a>, but the href is always missing in the webpage (but preserved in the downloaded dataset).

after further investigation, i found the code which is responsible for that: https://github.com/getredash/redash/blob/master/client/app/index.js#L5

$compileProvider.aHrefSanitizationWhitelist(/^\s*(https?|http|data):/);

which i should at least add tel, sms, mailto, what do you think?


#2

I’m not sure what precisely the setting REDASH_ALLOW_SCRIPTS_IN_USER_INPUT does, but it might help with what you are looking for.


#3

#4

As I checked code, REDASH_ALLOW_SCRIPTS_IN_USER_INPUT only matters where the markdown renders, nothing to do with the html tag in the result.

as @arikfr mentioned above, I made a pull request and has been merged into the master already, the issue has been solved.