Some of our customers like adding tel: to a href tags. This way people can phone them by clicking on links.

Recently they’ve complained that those tags stopped working.

I navigated to the page, and it turned out the link in rendered Razor page has no target:

2023 12 18 tel href not working

After some digging I’ve found out we use: Ganss.XSS.HtmlSanitizer. In the code we initialize it with:

private static HtmlSanitizer _htmlSanitizerWithTags => new HtmlSanitizer(
             allowedAttributes: DefaultAllowedAttributes,
			 allowedTags: AllowedTagsWithIframe,
             allowedSchemes: AllowedSchemas);

The sanitizer is created with allowedSchemes property that contains what can be put into a href tag. It’s as “easy” as “just” adding tel to the list of allowed schemas:

private static ISet<string> AllowedSchemas
        {
            get
            {
                var allowedSchemas = new HashSet<string>(HtmlSanitizer.DefaultAllowedSchemes);
                allowedSchemas.Add("mailto");
                allowedSchemas.Add("tel");
                return allowedSchemas;
            }
        };