diff --git a/webapp/src/utils.test.ts b/webapp/src/utils.test.ts
index ce316df9e..0e6760747 100644
--- a/webapp/src/utils.test.ts
+++ b/webapp/src/utils.test.ts
@@ -25,7 +25,7 @@ describe('utils', () => {
 describe('htmlFromMarkdown', () => {
 test('should not allow XSS on links href on the webapp', () => {
- expect(Utils.htmlFromMarkdown('[]("xss-attack="true"other="whatever)')).toBe('
')
+ expect(Utils.htmlFromMarkdown('[]("xss-attack="true"other="whatever)')).toBe('')
 })
 test('should not allow XSS on links href on the desktop app', () => {
diff --git a/webapp/src/utils.ts b/webapp/src/utils.ts
index a5764e113..5b57db1bc 100644
--- a/webapp/src/utils.ts
+++ b/webapp/src/utils.ts
@@ -151,7 +151,7 @@ class Utils {
 'rel="noreferrer" ' +
 `href="${encodeURI(href || '')}" ` +
 `title="${title ? encodeURI(title) : ''}" ` +
- ((window as any).openInNewBrowser ? 'onclick="event.stopPropagation(); openInNewBrowser && openInNewBrowser(event.target.href);"' : '') +
+ `onclick="event.stopPropagation();${((window as any).openInNewBrowser ? ' openInNewBrowser && openInNewBrowser(event.target.href);' : '')}"` +
 '>' + contents + ''
 }
 const html = marked(text.replace(/
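Review bot: The updated expectation in the 'should not allow XSS on links href on the webapp' test pins the entire rendered anchor markup, so any unrelated attribute change (this commit itself appears to have forced the update because the onclick attribute is now always emitted) breaks the XSS regression test without telling the reader what actually regressed. It would be more robust to parse the output and assert on the specific property the test guards, e.g. that the produced `href` value contains no `"` and that no attribute named `xss-attack` or `other` exists on the element. The existing case exercises attribute injection only; since `encodeURI` preserves the URL scheme, a companion case asserting what htmlFromMarkdown emits for a non-http(s) scheme in the link target would document the intended policy rather than leave it implicit (I cannot see from this diff whether marked is configured to drop such links). The rendered HTML in the expected strings seems to have been lost when this page was extracted, so the exact assertion text cannot be checked here.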