Custom URI schemes are sanitised with rel=nofollow

[darthoctopus]

Describe the bug

I am trying to replace my current markdown-oriented note-taking workflow with inline markdown cells in Jupyter notebooks. Part of this workflow involves links to PDF files in Zotero, which are effected with a custom URI protocol. For example, the following link: [Ahlborn+ (2020)](zotero://open-pdf/0_VCI8KREJ/3) opens page 3 of a specific document in Zotero.

However, the above markdown snippet gets turned into an empty <a> element with no href attribute and with rel="nofollow" set. I imagine this is because of overly aggressive sanitisation of the generated HTML. Is there any way to tune this?

I understand that this is related to a similar issue with JupyterLab: https://github.com/jupyterlab/jupyterlab/issues/7384

To Reproduce Steps to reproduce the behavior:

Render [Ahlborn+ (2020)](zotero://open-pdf/0_VCI8KREJ/3) in a Markdown cell

Expected behavior A link with the custom URI scheme appears

Desktop (please complete the following information):

• OS: Linux
• Browser: Firefox
• Version: 100

[RRosio]

Hi @darthoctopus since Notebook 6 uses the Jupyterlab sanitizer, a fix in Jupyterlab as suggested here https://github.com/jupyterlab/jupyterlab/issues/7384#issuecomment-1192816765 would solve this issue for Notebook as well.

[kostyafarber]

Fix implemented here https://github.com/jupyterlab/jupyterlab/pull/13341 @RRosio

[darthoctopus]

given that I don't use jupyterlab, is there any way I can set these configuration options in nbconfig/notebook.json, for example? if not, then that isn't really a fix for this notebook issue…