<a> tag contextual link broken

Problem/Motivation

The latest security fix removes the data-href attribute from <a> tags thus breaking contextual consent for links.

Steps to reproduce

Following link should work, after cookies (with service chatbot) accepted:

  <a data-name="chatbot" data-href="/live-chat-url">
    Chat with Support
  </a>

But it does not with the latest fix.

Proposed resolution

Instead of removing the attribute, just check if it's a valid URL. If not valid URL, replace with #.

Remaining tasks

User interface changes

API changes

Data model changes