diff --git a/commons-component-common/src/main/java/org/exoplatform/commons/utils/HTMLSanitizer.java b/commons-component-common/src/main/java/org/exoplatform/commons/utils/HTMLSanitizer.java
index db5bfa9b13..660f38272b 100644
--- a/commons-component-common/src/main/java/org/exoplatform/commons/utils/HTMLSanitizer.java
+++ b/commons-component-common/src/main/java/org/exoplatform/commons/utils/HTMLSanitizer.java
@@ -157,6 +157,8 @@ abstract public class HTMLSanitizer {
"onmouseup")
.matching(HISTORY_BACK)
.onElements("a")
+ .allowStandardUrlProtocols()
+ .allowUrlProtocols("tel","ftp")
.requireRelNofollowOnLinks()
.allowAttributes("src")
.matching(ONSITE_OR_OFFSITE_URL)
diff --git a/commons-component-common/src/test/java/org/exoplatform/commons/utils/HTMLSanitizerTest.java b/commons-component-common/src/test/java/org/exoplatform/commons/utils/HTMLSanitizerTest.java
index f188685366..279a93d0b5 100644
--- a/commons-component-common/src/test/java/org/exoplatform/commons/utils/HTMLSanitizerTest.java
+++ b/commons-component-common/src/test/java/org/exoplatform/commons/utils/HTMLSanitizerTest.java
@@ -117,4 +117,11 @@ public void testAllowedSpecialCharactersLinks(){
}
assertEquals("https://www.economie.gouv.fr/entreprises/changement-janvier-2022?xtor=ES-29-[BIE_292_20220106]-20220106-[https://www.economie.gouv.fr/entreprises/changement-janvier-2022]", sanitized);
}
+
+ @Test
+ public void testAllowPhoneLinks() throws Exception {
+ String input = "link";
+ String sanitized = HTMLSanitizer.sanitize(input);
+ assertEquals("link", sanitized);
+ }
}