diff --git a/src/HtmlUtils.js b/src/HtmlUtils.js index b8a1c63dfb..b306eab23c 100644 --- a/src/HtmlUtils.js +++ b/src/HtmlUtils.js @@ -172,7 +172,7 @@ const sanitizeHtmlParams = { // Lots of these won't come up by default because we don't allow them selfClosing: ['img', 'br', 'hr', 'area', 'base', 'basefont', 'input', 'link', 'meta'], // URL schemes we permit - allowedSchemes: ['http', 'https', 'ftp', 'mailto'], + allowedSchemes: ['http', 'https', 'ftp', 'mailto', 'magnet'], allowProtocolRelative: false,