diff --git a/packages/app-desktop/gui/note-viewer/index.html b/packages/app-desktop/gui/note-viewer/index.html
index 374ad60ade..55531e1fd7 100644
--- a/packages/app-desktop/gui/note-viewer/index.html
+++ b/packages/app-desktop/gui/note-viewer/index.html
@@ -733,6 +733,13 @@
 }));
 document.addEventListener('click', webviewLib.logEnabledEventHandler(e => {
+ // Links should all have custom click handlers. Allowing Electron to load custom links
+ // can cause security issues, particularly if these links have the same domain as the
+ // top-level page.
+ if (e.target.hasAttribute('href')) {
+ e.preventDefault();
+ }
+
 document.querySelectorAll('.media-pdf').forEach(element => {
 if(!!element.contentWindow){
 element.contentWindow.postMessage({
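Review bot: The added guard `e.target.hasAttribute('href')` inspects only the element that received the click, so a click on a child of a link (an image or `<strong>` inside `<a href>`, which rendered note content can plausibly contain) has a target without `href` and the default navigation is not cancelled. Resolving the nearest enclosing link closes that gap: `if (e.target.closest && e.target.closest('[href]')) { e.preventDefault(); }`. `click` is also not the only activation path (a middle-click raises `auxclick` in Chromium), so unless it is already handled elsewhere, denying navigation at the Electron level (`will-navigate` and the window-open handler) would make this listener a second layer instead of the only one. The listener body continues past the end of the hunk, so the rest of the handler is not visible here.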