From c6d45e7a5c21bc58c8fced496422a8a084cb82de Mon Sep 17 00:00:00 2001
From: AnnMarueW
Date: Fri, 9 Feb 2024 14:14:05 -0800
Subject: [PATCH 1/2] Check href before sanitize url

---
 .../src/components/Link.react.js | 6 ++++--
 tests/integration/security/test_xss.py | 13 +++++++++++++
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/components/dash-core-components/src/components/Link.react.js b/components/dash-core-components/src/components/Link.react.js
index 8fe8c186ec..dba962af94 100644
--- a/components/dash-core-components/src/components/Link.react.js
+++ b/components/dash-core-components/src/components/Link.react.js
@@ -46,7 +46,9 @@ const Link = props => {
 refresh,
 setProps,
 } = props;
- const sanitizedUrl = useMemo(() => sanitizeUrl(href), [href]);
+ const sanitizedUrl = useMemo(() => {
+ return href ? sanitizeUrl(href) : undefined;
+ }, [href]);
 
 const updateLocation = e => {
 const hasModifiers = e.metaKey || e.shiftKey || e.altKey || e.ctrlKey;
@@ -70,7 +72,7 @@ const Link = props => {
 };
 
 useEffect(() => {
- if (sanitizedUrl !== href) {
+ if (sanitizedUrl && sanitizedUrl !== href) {
 setProps({
 _dash_error: new Error(`Dangerous link detected:: ${href}`),
 });
diff --git a/tests/integration/security/test_xss.py b/tests/integration/security/test_xss.py
index f0995fd4f9..545fb01a90 100644
--- a/tests/integration/security/test_xss.py
+++ b/tests/integration/security/test_xss.py
@@ -45,3 +45,16 @@ def test_xss001_banned_protocols(dash_duo):
 assert (
 element.get_attribute(prop) == "about:blank"
 ), f"Failed prop: {element_id}.{prop}"
+
+
+def test_xss002_blank_href(dash_duo):
+ app = Dash()
+
+ app.layout = html.Div(dcc.Link("dcc-link", href="", id="dcc-link-no-href"))
+
+ dash_duo.start_server(app)
+
+ element = dash_duo.find_element("#dcc-link-no-href")
+ assert element.get_attribute("href") is None
+
+ assert dash_duo.get_logs() == []
From a17a2c7b600d40e71c16ef654a470bcb73c071c9 Mon Sep 17 00:00:00 2001
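Review bot: The new ternary in the first Link.react.js hunk should carry a comment explaining why a falsy href skips the sanitizer, otherwise it reads like an intentional bypass of the XSS check: `// Nothing to sanitize for an empty/absent href; sanitizeUrl('') does not round-trip to '' and produced a spurious "Dangerous link" error.` In the second hunk the same intent is clearer when expressed on the input rather than the derived value, `if (href && sanitizedUrl !== href) {`, which states "only validate an href the user actually supplied" and does not rely on sanitizedUrl being undefined as a sentinel. Both enclosing bodies (the Link component and the useEffect callback, including its dependency list) continue outside the hunks, so whether the rendered anchor receives sanitizedUrl rather than the raw href cannot be confirmed from this patch.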
From: AnnMarueW
Date: Fri, 9 Feb 2024 14:36:34 -0800
Subject: [PATCH 2/2] Changelog for 2756

---
 CHANGELOG.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4740f5523a..6c6d58e181 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,10 @@ This project adheres to [Semantic Versioning](https://semver.org/).
 
 ## [UNRELEASED]
 
+## Fixed
+
+- [#2756](https://github.com/plotly/dash/pull/2756) Prevent false dangerous link warning. Fixes [#2743](https://github.com/plotly/dash/issues/2743)
+
 ## Changed
 
 - [#2734](https://github.com/plotly/dash/pull/2734) Configure CI for Python 3.10 [#1863](https://github.com/plotly/dash/issues/1863)