locked
HyperLink with tel: NavigateUrl RRS feed

  • Question

  • User1164333759 posted

    I ran into a problem on some of my web sites yesterday where HyperLink controls that had 'tel:phonenumber' NavigateUrl values were getting converted to a link relative to the current page (as if the NavigateUrl had the '~' prefix. Did something change with how HyperLink interprets its NavigateUrl field?

    Wednesday, June 26, 2019 1:03 PM

All replies

  • User-719153870 posted

    Hi henrik32259,

    The Hyperlink control will be rendered as <a> tag in the HTML page, and its NavigateUrl attribute will be changed to the href attribute of <a> tag.

    You can find the corresponding <a> tag in the Elements tab of DevTools by pressing F12 on your page.

    According to your description, I made a demo, but I can't reproduce your problem.

    If you can, please provide more relevant code, your browser and its version you use, so I may be able to help you more.

    Below is my demo codes:

    <html xmlns="http://www.w3.org/1999/xhtml">
    <head runat="server">
        <title></title>
    </head>
    <body>
        <form id="form1" runat="server">
            <div>
                <asp:HyperLink ID="HyperLink1" runat="server" NavigateUrl="tel:phonenumber">HyperLink</asp:HyperLink>
            </div>
        </form>
    </body>
    </html>

    Best Regard,

    Yang Shen

    Thursday, June 27, 2019 7:06 AM
  • User1164333759 posted

    Yang,

    I found the problem when I tried to recreate the problem in a really simple page.

    Here is my test page:

    <%@ Page Title="" Language="C#" MasterPageFile="~/MasterPage.master" %>
    
    <script runat="server">
    
    </script>
    
    <asp:Content ID="Content1" ContentPlaceHolderID="head" Runat="Server">
    </asp:Content>
    <asp:Content ID="Content2" ContentPlaceHolderID="ContentPlaceHolder1" Runat="Server">
       <asp:HyperLink ID="HyperLink1" runat="server" NavigateUrl="tel:123-456-7890">123-456-7890</asp:HyperLink>
    </asp:Content>

    That worked until I added some of the web.config changes from the sites where I was seeing the problem.

    When I added a mention of the AntiXss.AntiXssEncoder encoder the problem showed up:

       <system.web>
          <compilation debug="false" targetFramework="4.7.2"/>
          <httpRuntime encoderType="System.Web.Security.AntiXss.AntiXssEncoder, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
       </system.web>
    

    In my test the hyperlink becomes 'localhost/test/tel%%3A123-456-7890'

    Thursday, June 27, 2019 12:54 PM
  • User-719153870 posted

    Hi henrik32259,

    Thank you for your code and description of the problem. I used your code to build a demo and i might have produced the problem like below:

    The reason for this problem may be that you encrypted the hyperlink href using the System. Web. Security. AntiXss. AntiXssEncoder class. This encrypt ":" to "%3A" and the browser connects it to Url under your website when parsing this url. 

    You can use JS to add NavigateUrl attribute to Hyperlink.

    Or you can just change the 'tel:123-456-7890' to 'tel://123-456-7890' in the simple way.

    Please refer to below codes:

    ASPX:

    <%@ Page Title="" Language="C#" MasterPageFile="~/MasterPage.Master" AutoEventWireup="true" CodeBehind="WebForm1.aspx.cs" Inherits="WebformDemo05.WebForm1" %>
    <asp:Content ID="Content1" ContentPlaceHolderID="head" runat="server">
    </asp:Content>
    <asp:Content ID="Content2" ContentPlaceHolderID="ContentPlaceHolder1" runat="server">
        <script type="text/javascript">
            function phone(date) {
                window.location.href = 'tel://' + date;
            }
        </script>
        <asp:HyperLink ID="HyperLink1" runat="server" NavigateUrl="javascript:phone('+123-456-7890+')" >123-456-7890</asp:HyperLink>
        <asp:HyperLink ID="HyperLink2" runat="server" NavigateUrl="Default.aspx" >Default.aspx</asp:HyperLink>
        <asp:HyperLink ID="HyperLink3" runat="server" NavigateUrl="mailto:123@123.com" >123@123.com</asp:HyperLink>
        <asp:HyperLink ID="HyperLink4" runat="server" NavigateUrl="tel:123-456-7890" >123-456-7890</asp:HyperLink>
    </asp:Content>

    Web.config:

    <system.web>
        <compilation debug="true" targetFramework="4.7.2"/>
        <httpRuntime targetFramework="4.7.2" encoderType="System.Web.Security.AntiXss.AntiXssEncoder, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" requestPathInvalidCharacters="&lt;,&gt;,*,%,&amp;" />
    </system.web>

    Here is result of my demo:

    Best Regard,

    Yang Shen

    Friday, June 28, 2019 2:13 AM
  • User1164333759 posted

    Yes, I agree the AntiXss library is the cause and I liked your proposed workarounds. I switched to using a standard <a> tag instead of the ASP.NET hyperlink to avoid the problem.

    What I think is odd is that the AntiXss library doesn't mangle the mailto: hyperlink like it does the tel:

    Friday, June 28, 2019 2:47 PM
  • User753101303 posted

    This is the one found at https://referencesource.microsoft.com ? It might allow to understand (it filters out only some known protocols maybe). A possible option might be to wrap this so that it ignores the tel protocol maybe ?

    Friday, June 28, 2019 7:07 PM