diff --git a/packages/react/src/util/sanitizeUrl.ts b/packages/react/src/util/sanitizeUrl.ts
index 08282055ee..98d7f0e9e7 100644
--- a/packages/react/src/util/sanitizeUrl.ts
+++ b/packages/react/src/util/sanitizeUrl.ts
@@ -8,8 +8,12 @@ export function sanitizeUrl(inputUrl: string, baseUrl: string): string {
 try {
 const url = new URL(inputUrl, baseUrl);
- // eslint-disable-next-line no-script-url -- false positive, we are explicitly checking if the protocol is safe to prevent XSS
- if (url.protocol !== "javascript:") {
+ if (
+ // eslint-disable-next-line no-script-url -- false positive, we are explicitly checking if the protocol is safe to prevent XSS
+ url.protocol !== "javascript:" &&
+ url.protocol !== "data:" &&
+ url.protocol !== "vbscript:"
+ ) {
 return url.href;
 }
 } catch (error) {
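Review bot: The condition is still a denylist: after this change every scheme other than `javascript:`, `data:` and `vbscript:` is returned as `url.href`, so any unwanted scheme that is not on the list passes through and the list has to be extended each time one is found. Since the comment says the check exists to prevent XSS, an allowlist would fail closed instead, for example `const SAFE_PROTOCOLS = new Set(["http:", "https:", "mailto:"]);` with `if (SAFE_PROTOCOLS.has(url.protocol)) {`; the exact set depends on which link types callers need, which is not visible here. Whichever form is kept, tests for each rejected scheme, including mixed-case and whitespace-padded inputs, would pin the behaviour. The function's catch branch and fallback return are outside the hunk.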