apostrophecms / sanitize-html

Clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis. Built on htmlparser2 for speed and tolerance
MIT License

Cannot allow Javascript URL Scheme #492

Closed bencreynolds closed 3 years ago

bencreynolds commented 3 years ago

I am having an issue where my a tag looks something like this:

```html
<a href="JavaScript: event_info = openWin('/website/example/test/1/2/3/test', 'eventinfo', 'width=800,height=600,toolbar=1,location=0,directories=0,status=0,menuBar=0,scrollBars=1,resizable=1' ); event_info.focus()">
```

I need to access this attribute, but I cannot retrieve it since it does not have a valid URL scheme according to sanitize-html. Can anyone help with this?

boutell commented 3 years ago

You could do that by configuring the allowedSchemes option, so please see the documentation on that.

However, you will need to use the "filter" feature to make sure you don't actually allow all javascript links through, otherwise it is an XSS attack vector (cross site scripting, i.e. users can paste javascript which potentially runs for other users).
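The answer above amounts to two checks: a scheme allowlist (sanitize-html's `allowedSchemes` option) and a per-element filter that then rejects every `javascript:` URL except the one exact launcher string the application itself emits. The snippet below is an added, dependency-free illustration of that logic written for this thread; it is not sanitize-html's code and does not call the library. The names `normalizeHref`, `schemeOf`, `sanitizeHref`, `dropAnchor` and `OPEN_WIN_PATTERN` are mine, the sample hrefs are constructed, and the pattern is a hypothetical allowlist derived from the href quoted in the issue. `dropAnchor` is shaped like sanitize-html's `exclusiveFilter` callback (return true to drop the element), which is where this second check would live with the real library.

```javascript
// Added example for this thread, not sanitize-html's own code. It shows the two
// checks boutell describes: a scheme allowlist that normalises the way a browser
// does, and a strict filter so "allow javascript:" never becomes "allow any script".

// Browsers strip leading/trailing C0 controls and spaces, delete tab/CR/LF anywhere,
// and compare the scheme case-insensitively. Comparing the raw string would let
// "JavaScript:", " javascript:" or "java\tscript:" slip past an allowlist that only
// knows "javascript". Input is assumed to be the attribute value as the HTML parser
// hands it over, i.e. with character references already decoded.
function normalizeHref(href) {
  const cleaned = String(href)
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, '')
    .replace(/[\t\n\r]/g, '');
  return cleaned.replace(/^[a-z][a-z0-9+.-]*:/i, (s) => s.toLowerCase());
}

// Scheme of the href, lowercased, or null for a relative URL.
function schemeOf(href) {
  const m = /^([a-z][a-z0-9+.-]*):/.exec(normalizeHref(href));
  return m ? m[1] : null;
}

// The one launcher string this application emits (hypothetical, modelled on the href
// quoted in the issue). The path and feature list are confined to narrow character
// classes and the expression is anchored at both ends, so nothing can be appended,
// prepended or injected into the arguments.
const OPEN_WIN_PATTERN =
  /^javascript:\s*event_info = openWin\('(\/[\w\/.-]*)', 'eventinfo', '([\w=,]*)'\s*\);\s*event_info\.focus\(\)$/;

// Returns the href to keep, or null when the attribute (and its element) must go.
function sanitizeHref(href, allowedSchemes = ['http', 'https', 'mailto']) {
  const scheme = schemeOf(href);
  if (scheme === null) return href;                    // relative link: fine
  if (!allowedSchemes.includes(scheme)) return null;   // what the default allowlist does to javascript:
  if (scheme === 'javascript' && !OPEN_WIN_PATTERN.test(normalizeHref(href))) return null;
  return href;
}

// The same decision in the shape a per-element filter sees it: given an <a>'s
// attributes, true means "drop this element", false means keep it.
function dropAnchor(attribs, allowedSchemes) {
  return Object.prototype.hasOwnProperty.call(attribs, 'href') &&
    sanitizeHref(attribs.href, allowedSchemes) === null;
}

// Constructed sample hrefs: the issue's own link (missing quote fixed) and the kind
// of variants that arrive once javascript: is on the allowlist.
const ISSUE_HREF =
  "JavaScript: event_info = openWin('/website/example/test/1/2/3/test', 'eventinfo', " +
  "'width=800,height=600,toolbar=1,location=0,directories=0,status=0,menuBar=0,scrollBars=1,resizable=1' ); event_info.focus()";
const SAMPLES = [
  ISSUE_HREF,
  'javascript:alert(1)',
  ' \tjava\nscript:alert(1)',
  "javascript:event_info = openWin('/x', 'eventinfo', 'width=1');alert(1);event_info.focus()",
  'https://example.com/',
  '/relative/path',
];

function demo() {
  const allow = ['http', 'https', 'javascript'];
  for (const href of SAMPLES) {
    const kept = sanitizeHref(href, allow) !== null;
    console.log(`${kept ? 'keep' : 'DROP'}  scheme=${schemeOf(href)}  ${JSON.stringify(href).slice(0, 60)}`);
  }
}

demo();
```

With the allowlist widened to include `javascript`, only the issue's launcher string, the plain https link and the relative path survive; the tab/newline-smuggled scheme and the call with an extra statement spliced in are both dropped, which is the behaviour the filter has to guarantee before `javascript` goes on the allowlist at all.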