Non-http URL schemes in Markdown cells

[damiendr]

I use URLs like these to link to scientific papers in my Papers2 library:
papers2://publication/citekey/Polsky:2004jc

In the notebook, the following results in a clickable URL:

%%HTML
<a href="papers2://publication/citekey/Polsky:2004jc">Polsky:2014jc</a>

But in a Markdown cell, this doesn't work (link is underlined but nothing happens when clicked):

[Polsky:2004jc](papers2://publication/citekey/Polsky:2004jc)

Indeed the page source shows it was rendered as <a>Polsky:2004jc</a>. Changing the scheme to http causes a href attribute to appear (not fit for the original purpose obviously).

I tested it in the current version of marked and the link renders properly. Is that a security setting? The notebook is trusted.

[minrk]

This is likely due to the sanitization by caja. We should investigate whether it is doing protocol whitelisting, and if we can disable it.

[JamiesHQ]

@minrk : hi there- do you have any updates on this bug report? Does the bug still exist or can this issue be closed? Thanks!

[mpacer]

How is the current attachment: protocol being handled? Is that a fundamentally different problem since it's related to mimetypes?

[gnestor]

Would it compromise notebook security to allow a elements with any href value? If not, simply adding a ATTRIBS['a::href'] = 0; after this line will do the trick...