diff --git a/.cspell/code-terms.txt b/.cspell/code-terms.txt
index 5f72ea22130..8b44cbb9c68 100644
--- a/.cspell/code-terms.txt
+++ b/.cspell/code-terms.txt
@@ -89,6 +89,7 @@ MULT
 NODIR
 NSTR
 outdir
+parsererror
 Qcontrolx
 QSTR
 reinit
diff --git a/.gitignore b/.gitignore
index 7eb55d5cbab..7931d1ed618 100644
--- a/.gitignore
+++ b/.gitignore
@@ -8,6 +8,7 @@ coverage/
 
 dist
 v8-compile-cache-0
+node-compile-cache/
 
 yarn-error.log
 .npmrc
diff --git a/demos/sandboxBaseUrl-test.html b/demos/sandboxBaseUrl-test.html
new file mode 100644
index 00000000000..3bec452da2b
--- /dev/null
+++ b/demos/sandboxBaseUrl-test.html
@@ -0,0 +1,294 @@
+<!doctype html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <title>sandboxBaseUrl Feature Test</title>
+    <style>
+      body {
+        font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
+        max-width: 1200px;
+        margin: 0 auto;
+        padding: 20px;
+        background: #f5f5f5;
+      }
+      h1,
+      h2 {
+        color: #333;
+      }
+      .test-section {
+        background: white;
+        border-radius: 8px;
+        padding: 20px;
+        margin: 20px 0;
+        box-shadow: 0 2px 4px rgba(0, 0, 0, 0.1);
+      }
+      .description {
+        background: #e8f4fd;
+        border-left: 4px solid #1890ff;
+        padding: 10px 15px;
+        margin: 10px 0;
+      }
+      .warning {
+        background: #fff7e6;
+        border-left: 4px solid #fa8c16;
+        padding: 10px 15px;
+        margin: 10px 0;
+      }
+      .success {
+        background: #f6ffed;
+        border-left: 4px solid #52c41a;
+        padding: 10px 15px;
+        margin: 10px 0;
+      }
+      pre {
+        background: #282c34;
+        color: #abb2bf;
+        padding: 15px;
+        border-radius: 4px;
+        overflow-x: auto;
+      }
+      .diagram-container {
+        border: 1px solid #ddd;
+        padding: 10px;
+        margin: 10px 0;
+        min-height: 100px;
+      }
+    </style>
+  </head>
+  <body>
+    <h1>🧪 sandboxBaseUrl Feature Test</h1>
+
+    <div class="description">
+      <strong>What this tests:</strong> The <code>sandboxBaseUrl</code> config option enables
+      relative URLs in diagram links to work correctly when using
+      <code>securityLevel: 'sandbox'</code>.
+    </div>
+
+    <div class="warning">
+      <strong>Before testing:</strong> You need to build mermaid first. Run from the repo root:
+      <pre>pnpm install && pnpm build</pre>
+    </div>
+
+    <!-- Test 1: With sandboxBaseUrl -->
+    <div class="test-section">
+      <h2>Test 1: With sandboxBaseUrl (should work)</h2>
+      <div class="success">
+        <strong>Expected:</strong> Clicking "Details Page" should navigate to the resolved URL
+        (shown in browser console). Clicking "GitHub" should open GitHub.
+      </div>
+      <div class="diagram-container">
+        <pre class="mermaid-with-base">
+flowchart TD
+    A[Home Page] --> B[Details Page]
+    A --> C[GitHub]
+
+    click A "./" "Go to current directory"
+    click B "./details.html" "View details page"
+    click C "https://github.com/mermaid-js/mermaid" "View GitHub"
+      </pre
+        >
+      </div>
+    </div>
+
+    <!-- Test 2: Without sandboxBaseUrl -->
+    <div class="test-section">
+      <h2>Test 2: Without sandboxBaseUrl (relative links won't work)</h2>
+      <div class="warning">
+        <strong>Expected:</strong> Clicking "Details Page" will fail (navigate to
+        about:blank#blocked). Clicking "GitHub" should still work (absolute URL).
+      </div>
+      <div class="diagram-container">
+        <pre class="mermaid-without-base">
+flowchart TD
+    A[Home Page] --> B[Details Page]
+    A --> C[GitHub]
+
+    click A "./" "Go to current directory"
+    click B "./details.html" "View details page"
+    click C "https://github.com/mermaid-js/mermaid" "View GitHub"
+      </pre
+        >
+      </div>
+    </div>
+
+    <!-- Test 3: Various URL types -->
+    <div class="test-section">
+      <h2>Test 3: Various URL Types with sandboxBaseUrl</h2>
+      <div class="description">
+        Tests different URL patterns: relative (./, ../), absolute (/), hash (#), and external
+        (https://)
+      </div>
+      <div class="diagram-container">
+        <pre class="mermaid-url-types">
+flowchart LR
+    A[Relative ./] --> B[Parent ../]
+    B --> C[Absolute /]
+    C --> D[Hash #section]
+    D --> E[External URL]
+
+    click A "./page.html" "Relative path"
+    click B "../parent.html" "Parent directory"
+    click C "/root.html" "Absolute path"
+    click D "#test-section" "Hash link"
+    click E "https://mermaid.js.org" "External site"
+      </pre
+        >
+      </div>
+    </div>
+
+    <!-- Test 4: Non-sandbox mode comparison -->
+    <div class="test-section">
+      <h2>Test 4: Strict Mode (non-sandbox) - Links Disabled</h2>
+      <div class="description">
+        In <code>strict</code> mode, click functionality is disabled entirely (this is expected
+        behavior).
+      </div>
+      <div class="diagram-container">
+        <pre class="mermaid-strict">
+flowchart TD
+    A[Click me] --> B[Won't work]
+    click A "https://github.com" "This link is disabled in strict mode"
+      </pre
+        >
+      </div>
+    </div>
+
+    <div class="test-section">
+      <h2>Console Output</h2>
+      <div class="description">
+        Check the browser console (F12) for resolved URLs and any errors.
+      </div>
+      <div
+        id="console-output"
+        style="
+          background: #1e1e1e;
+          color: #d4d4d4;
+          padding: 15px;
+          font-family: monospace;
+          min-height: 100px;
+          border-radius: 4px;
+        "
+      >
+        Waiting for mermaid to load...
+      </div>
+    </div>
+
+    <!-- Load mermaid from local build -->
+    <script src="../packages/mermaid/dist/mermaid.min.js"></script>
+
+    <script>
+      const consoleOutput = document.getElementById('console-output');
+      let consoleCleared = false;
+      function log(msg, type = 'info') {
+        // Clear initial placeholder text on first log
+        if (!consoleCleared) {
+          consoleOutput.textContent = '';
+          consoleCleared = true;
+        }
+        const colors = { info: '#61afef', error: '#e06c75', success: '#98c379' };
+        const time = new Date().toLocaleTimeString();
+        // Use DOM manipulation instead of innerHTML to prevent XSS
+        const div = document.createElement('div');
+        div.style.color = colors[type];
+        div.textContent = '[' + time + '] ' + msg;
+        consoleOutput.appendChild(div);
+        console.log(msg);
+      }
+
+      // Get the base URL for testing
+      const baseUrl = window.location.href.replace(/\/[^\/]*$/, '/');
+      log(`Base URL for testing: ${baseUrl}`, 'info');
+
+      // Test 1: With sandboxBaseUrl
+      try {
+        log('Initializing Test 1: sandbox mode WITH sandboxBaseUrl...', 'info');
+        mermaid.initialize({
+          startOnLoad: false,
+          securityLevel: 'sandbox',
+          sandboxBaseUrl: baseUrl,
+          flowchart: { htmlLabels: false },
+        });
+
+        const el1 = document.querySelector('.mermaid-with-base');
+        mermaid.render('diagram-with-base', el1.textContent).then(({ svg }) => {
+          el1.innerHTML = svg;
+          log('Test 1 rendered successfully with sandboxBaseUrl', 'success');
+        });
+      } catch (e) {
+        log(`Test 1 error: ${e.message}`, 'error');
+      }
+
+      // Test 2: Without sandboxBaseUrl
+      setTimeout(() => {
+        try {
+          log('Initializing Test 2: sandbox mode WITHOUT sandboxBaseUrl...', 'info');
+          mermaid.initialize({
+            startOnLoad: false,
+            securityLevel: 'sandbox',
+            // sandboxBaseUrl is NOT set
+            flowchart: { htmlLabels: false },
+          });
+
+          const el2 = document.querySelector('.mermaid-without-base');
+          mermaid.render('diagram-without-base', el2.textContent).then(({ svg }) => {
+            el2.innerHTML = svg;
+            log('Test 2 rendered (relative links will fail)', 'info');
+          });
+        } catch (e) {
+          log(`Test 2 error: ${e.message}`, 'error');
+        }
+      }, 500);
+
+      // Test 3: URL types
+      setTimeout(() => {
+        try {
+          log('Initializing Test 3: various URL types...', 'info');
+          mermaid.initialize({
+            startOnLoad: false,
+            securityLevel: 'sandbox',
+            sandboxBaseUrl: baseUrl,
+            flowchart: { htmlLabels: false },
+          });
+
+          const el3 = document.querySelector('.mermaid-url-types');
+          mermaid.render('diagram-url-types', el3.textContent).then(({ svg }) => {
+            el3.innerHTML = svg;
+            log('Test 3 rendered with various URL types', 'success');
+          });
+        } catch (e) {
+          log(`Test 3 error: ${e.message}`, 'error');
+        }
+      }, 1000);
+
+      // Test 4: Strict mode
+      setTimeout(() => {
+        try {
+          log('Initializing Test 4: strict mode (links disabled)...', 'info');
+          mermaid.initialize({
+            startOnLoad: false,
+            securityLevel: 'strict',
+            flowchart: { htmlLabels: true },
+          });
+
+          const el4 = document.querySelector('.mermaid-strict');
+          mermaid.render('diagram-strict', el4.textContent).then(({ svg }) => {
+            el4.innerHTML = svg;
+            log('Test 4 rendered in strict mode', 'info');
+          });
+        } catch (e) {
+          log(`Test 4 error: ${e.message}`, 'error');
+        }
+      }, 1500);
+
+      // Summary
+      setTimeout(() => {
+        log('-----------------------------------', 'info');
+        log('All tests rendered. Click the diagram links to test!', 'success');
+        log('Test 1 & 3: Relative links should work', 'success');
+        log('Test 2: Relative links should fail (about:blank#blocked)', 'info');
+        log('Test 4: All links disabled (strict mode)', 'info');
+      }, 2000);
+    </script>
+  </body>
+</html>
diff --git a/docs/config/setup/mermaid/interfaces/MermaidConfig.md b/docs/config/setup/mermaid/interfaces/MermaidConfig.md
index f4c5b0b2b5e..36aa63a05fe 100644
--- a/docs/config/setup/mermaid/interfaces/MermaidConfig.md
+++ b/docs/config/setup/mermaid/interfaces/MermaidConfig.md
@@ -26,7 +26,7 @@ Defined in: [packages/mermaid/src/config.type.ts:132](https://github.com/mermaid
 
 > `optional` **architecture**: `ArchitectureDiagramConfig`
 
-Defined in: [packages/mermaid/src/config.type.ts:204](https://github.com/mermaid-js/mermaid/blob/master/packages/mermaid/src/config.type.ts#L204)
+Defined in: [packages/mermaid/src/config.type.ts:219](https://github.com/mermaid-js/mermaid/blob/master/packages/mermaid/src/config.type.ts#L219)
 
 ---
 
@@ -34,7 +34,7 @@ Defined in: [packages/mermaid/src/config.type.ts:204](https://github.com/mermaid
 
 > `optional` **arrowMarkerAbsolute**: `boolean`
 
-Defined in: [packages/mermaid/src/config.type.ts:151](https://github.com/mermaid-js/mermaid/blob/master/packages/mermaid/src/config.type.ts#L151)
+Defined in: [packages/mermaid/src/config.type.ts:166](https://github.com/mermaid-js/mermaid/blob/master/packages/mermaid/src/config.type.ts#L166)
 
 Controls whether or arrow markers in html code are absolute paths or anchors.
 This matters if you are using base tag settings.
@@ -45,7 +45,7 @@ This matters if you are using base tag settings.
 
 > `optional` **block**: `BlockDiagramConfig`
 
-Defined in: [packages/mermaid/src/config.type.ts:211](https://github.com/mermaid-js/mermaid/blob/master/packages/mermaid/src/config.type.ts#L211)
+Defined in: [packages/mermaid/src/config.type.ts:226](https://github.com/mermaid-js/mermaid/blob/master/packages/mermaid/src/config.type.ts#L226)
 
 ---
 
@@ -53,7 +53,7 @@ Defined in: [packages/mermaid/src/config.type.ts:211](https://github.com/mermaid
 
 > `optional` **c4**: `C4DiagramConfig`
 
-Defined in: [packages/mermaid/src/config.type.ts:208](https://github.com/mermaid-js/mermaid/blob/master/packages/mermaid/src/config.type.ts#L208)
+Defined in: [packages/mermaid/src/config.type.ts:223](https://github.com/mermaid-js/mermaid/blob/master/packages/mermaid/src/config.type.ts#L223)
 
 ---
 
@@ -61,7 +61,7 @@ Defined in: [packages/mermaid/src/config.type.ts:208](https://github.com/mermaid
 
 > `optional` **class**: `ClassDiagramConfig`
 
-Defined in: [packages/mermaid/src/config.type.ts:197](https://github.com/mermaid-js/mermaid/blob/master/packages/mermaid/src/config.type.ts#L197)
+Defined in: [packages/mermaid/src/config.type.ts:212](https://github.com/mermaid-js/mermaid/blob/master/packages/mermaid/src/config.type.ts#L212)
 
 ---
 
@@ -77,7 +77,7 @@ Defined in: [packages/mermaid/src/config.type.ts:123](https://github.com/mermaid
 
 > `optional` **deterministicIds**: `boolean`
 
-Defined in: [packages/mermaid/src/config.type.ts:184](https://github.com/mermaid-js/mermaid/blob/master/packages/mermaid/src/config.type.ts#L184)
+Defined in: [packages/mermaid/src/config.type.ts:199](https://github.com/mermaid-js/mermaid/blob/master/packages/mermaid/src/config.type.ts#L199)
 
 This option controls if the generated ids of nodes in the SVG are
 generated randomly or based on a seed.
@@ -93,7 +93,7 @@ should not change unless content is changed.
 
 > `optional` **deterministicIDSeed**: `string`
 
-Defined in: [packages/mermaid/src/config.type.ts:191](https://github.com/mermaid-js/mermaid/blob/master/packages/mermaid/src/config.type.ts#L191)
+Defined in: [packages/mermaid/src/config.type.ts:206](https://github.com/mermaid-js/mermaid/blob/master/packages/mermaid/src/config.type.ts#L206)
 
 This option is the optional seed for deterministic ids.
 If set to `undefined` but deterministicIds is `true`, a simple number iterator is used.
@@ -105,7 +105,7 @@ You can set this attribute to base the seed on a static string.
 
 > `optional` **dompurifyConfig**: `Config`
 
-Defined in: [packages/mermaid/src/config.type.ts:213](https://github.com/mermaid-js/mermaid/blob/master/packages/mermaid/src/config.type.ts#L213)
+Defined in: [packages/mermaid/src/config.type.ts:228](https://github.com/mermaid-js/mermaid/blob/master/packages/mermaid/src/config.type.ts#L228)
 
 ---
 
@@ -151,7 +151,7 @@ Elk specific option affecting how nodes are placed.
 
 > `optional` **er**: `ErDiagramConfig`
 
-Defined in: [packages/mermaid/src/config.type.ts:199](https://github.com/mermaid-js/mermaid/blob/master/packages/mermaid/src/config.type.ts#L199)
+Defined in: [packages/mermaid/src/config.type.ts:214](https://github.com/mermaid-js/mermaid/blob/master/packages/mermaid/src/config.type.ts#L214)
 
 ---
 
@@ -159,7 +159,7 @@ Defined in: [packages/mermaid/src/config.type.ts:199](https://github.com/mermaid
 
 > `optional` **flowchart**: `FlowchartDiagramConfig`
 
-Defined in: [packages/mermaid/src/config.type.ts:192](https://github.com/mermaid-js/mermaid/blob/master/packages/mermaid/src/config.type.ts#L192)
+Defined in: [packages/mermaid/src/config.type.ts:207](https://github.com/mermaid-js/mermaid/blob/master/packages/mermaid/src/config.type.ts#L207)
 
 ---
 
@@ -179,7 +179,7 @@ See <https://developer.mozilla.org/en-US/docs/Web/CSS/font-family>
 
 > `optional` **fontSize**: `number`
 
-Defined in: [packages/mermaid/src/config.type.ts:215](https://github.com/mermaid-js/mermaid/blob/master/packages/mermaid/src/config.type.ts#L215)
+Defined in: [packages/mermaid/src/config.type.ts:230](https://github.com/mermaid-js/mermaid/blob/master/packages/mermaid/src/config.type.ts#L230)
 
 ---
 
@@ -187,7 +187,7 @@ Defined in: [packages/mermaid/src/config.type.ts:215](https://github.com/mermaid
 
 > `optional` **forceLegacyMathML**: `boolean`
 
-Defined in: [packages/mermaid/src/config.type.ts:173](https://github.com/mermaid-js/mermaid/blob/master/packages/mermaid/src/config.type.ts#L173)
+Defined in: [packages/mermaid/src/config.type.ts:188](https://github.com/mermaid-js/mermaid/blob/master/packages/mermaid/src/config.type.ts#L188)
 
 This option forces Mermaid to rely on KaTeX's own stylesheet for rendering MathML. Due to differences between OS
 fonts and browser's MathML implementation, this option is recommended if consistent rendering is important.
@@ -199,7 +199,7 @@ If set to true, ignores legacyMathML.
 
 > `optional` **gantt**: `GanttDiagramConfig`
 
-Defined in: [packages/mermaid/src/config.type.ts:194](https://github.com/mermaid-js/mermaid/blob/master/packages/mermaid/src/config.type.ts#L194)
+Defined in: [packages/mermaid/src/config.type.ts:209](https://github.com/mermaid-js/mermaid/blob/master/packages/mermaid/src/config.type.ts#L209)
 
 ---
 
@@ -207,7 +207,7 @@ Defined in: [packages/mermaid/src/config.type.ts:194](https://github.com/mermaid
 
 > `optional` **gitGraph**: `GitGraphDiagramConfig`
 
-Defined in: [packages/mermaid/src/config.type.ts:207](https://github.com/mermaid-js/mermaid/blob/master/packages/mermaid/src/config.type.ts#L207)
+Defined in: [packages/mermaid/src/config.type.ts:222](https://github.com/mermaid-js/mermaid/blob/master/packages/mermaid/src/config.type.ts#L222)
 
 ---
 
@@ -233,7 +233,7 @@ Defined in: [packages/mermaid/src/config.type.ts:124](https://github.com/mermaid
 
 > `optional` **journey**: `JourneyDiagramConfig`
 
-Defined in: [packages/mermaid/src/config.type.ts:195](https://github.com/mermaid-js/mermaid/blob/master/packages/mermaid/src/config.type.ts#L195)
+Defined in: [packages/mermaid/src/config.type.ts:210](https://github.com/mermaid-js/mermaid/blob/master/packages/mermaid/src/config.type.ts#L210)
 
 ---
 
@@ -241,7 +241,7 @@ Defined in: [packages/mermaid/src/config.type.ts:195](https://github.com/mermaid
 
 > `optional` **kanban**: `KanbanDiagramConfig`
 
-Defined in: [packages/mermaid/src/config.type.ts:206](https://github.com/mermaid-js/mermaid/blob/master/packages/mermaid/src/config.type.ts#L206)
+Defined in: [packages/mermaid/src/config.type.ts:221](https://github.com/mermaid-js/mermaid/blob/master/packages/mermaid/src/config.type.ts#L221)
 
 ---
 
@@ -259,7 +259,7 @@ Defines which layout algorithm to use for rendering the diagram.
 
 > `optional` **legacyMathML**: `boolean`
 
-Defined in: [packages/mermaid/src/config.type.ts:166](https://github.com/mermaid-js/mermaid/blob/master/packages/mermaid/src/config.type.ts#L166)
+Defined in: [packages/mermaid/src/config.type.ts:181](https://github.com/mermaid-js/mermaid/blob/master/packages/mermaid/src/config.type.ts#L181)
 
 This option specifies if Mermaid can expect the dependent to include KaTeX stylesheets for browsers
 without their own MathML implementation. If this option is disabled and MathML is not supported, the math
@@ -292,7 +292,7 @@ Defines which main look to use for the diagram.
 
 > `optional` **markdownAutoWrap**: `boolean`
 
-Defined in: [packages/mermaid/src/config.type.ts:216](https://github.com/mermaid-js/mermaid/blob/master/packages/mermaid/src/config.type.ts#L216)
+Defined in: [packages/mermaid/src/config.type.ts:231](https://github.com/mermaid-js/mermaid/blob/master/packages/mermaid/src/config.type.ts#L231)
 
 ---
 
@@ -320,7 +320,7 @@ The maximum allowed size of the users text diagram
 
 > `optional` **mindmap**: `MindmapDiagramConfig`
 
-Defined in: [packages/mermaid/src/config.type.ts:205](https://github.com/mermaid-js/mermaid/blob/master/packages/mermaid/src/config.type.ts#L205)
+Defined in: [packages/mermaid/src/config.type.ts:220](https://github.com/mermaid-js/mermaid/blob/master/packages/mermaid/src/config.type.ts#L220)
 
 ---
 
@@ -328,7 +328,7 @@ Defined in: [packages/mermaid/src/config.type.ts:205](https://github.com/mermaid
 
 > `optional` **packet**: `PacketDiagramConfig`
 
-Defined in: [packages/mermaid/src/config.type.ts:210](https://github.com/mermaid-js/mermaid/blob/master/packages/mermaid/src/config.type.ts#L210)
+Defined in: [packages/mermaid/src/config.type.ts:225](https://github.com/mermaid-js/mermaid/blob/master/packages/mermaid/src/config.type.ts#L225)
 
 ---
 
@@ -336,7 +336,7 @@ Defined in: [packages/mermaid/src/config.type.ts:210](https://github.com/mermaid
 
 > `optional` **pie**: `PieDiagramConfig`
 
-Defined in: [packages/mermaid/src/config.type.ts:200](https://github.com/mermaid-js/mermaid/blob/master/packages/mermaid/src/config.type.ts#L200)
+Defined in: [packages/mermaid/src/config.type.ts:215](https://github.com/mermaid-js/mermaid/blob/master/packages/mermaid/src/config.type.ts#L215)
 
 ---
 
@@ -344,7 +344,7 @@ Defined in: [packages/mermaid/src/config.type.ts:200](https://github.com/mermaid
 
 > `optional` **quadrantChart**: `QuadrantChartConfig`
 
-Defined in: [packages/mermaid/src/config.type.ts:201](https://github.com/mermaid-js/mermaid/blob/master/packages/mermaid/src/config.type.ts#L201)
+Defined in: [packages/mermaid/src/config.type.ts:216](https://github.com/mermaid-js/mermaid/blob/master/packages/mermaid/src/config.type.ts#L216)
 
 ---
 
@@ -352,7 +352,7 @@ Defined in: [packages/mermaid/src/config.type.ts:201](https://github.com/mermaid
 
 > `optional` **radar**: `RadarDiagramConfig`
 
-Defined in: [packages/mermaid/src/config.type.ts:212](https://github.com/mermaid-js/mermaid/blob/master/packages/mermaid/src/config.type.ts#L212)
+Defined in: [packages/mermaid/src/config.type.ts:227](https://github.com/mermaid-js/mermaid/blob/master/packages/mermaid/src/config.type.ts#L227)
 
 ---
 
@@ -360,7 +360,27 @@ Defined in: [packages/mermaid/src/config.type.ts:212](https://github.com/mermaid
 
 > `optional` **requirement**: `RequirementDiagramConfig`
 
-Defined in: [packages/mermaid/src/config.type.ts:203](https://github.com/mermaid-js/mermaid/blob/master/packages/mermaid/src/config.type.ts#L203)
+Defined in: [packages/mermaid/src/config.type.ts:218](https://github.com/mermaid-js/mermaid/blob/master/packages/mermaid/src/config.type.ts#L218)
+
+---
+
+### sandboxBaseUrl?
+
+> `optional` **sandboxBaseUrl**: `string`
+
+Defined in: [packages/mermaid/src/config.type.ts:156](https://github.com/mermaid-js/mermaid/blob/master/packages/mermaid/src/config.type.ts#L156)
+
+Base URL for resolving relative links in sandbox mode.
+
+When securityLevel is 'sandbox', relative URLs in diagram links cannot be resolved
+because data: URIs have no base URL context. Providing sandboxBaseUrl enables Mermaid
+to pre-resolve all relative URLs to absolute URLs before embedding in the sandbox iframe.
+
+This option only applies when securityLevel is 'sandbox'.
+
+Example: If your page is at <https://example.com/docs/diagrams/arch.html>,
+set sandboxBaseUrl to '<https://example.com/docs/diagrams/>' to enable relative links
+like './details.html' to work correctly.
 
 ---
 
@@ -368,7 +388,7 @@ Defined in: [packages/mermaid/src/config.type.ts:203](https://github.com/mermaid
 
 > `optional` **sankey**: `SankeyDiagramConfig`
 
-Defined in: [packages/mermaid/src/config.type.ts:209](https://github.com/mermaid-js/mermaid/blob/master/packages/mermaid/src/config.type.ts#L209)
+Defined in: [packages/mermaid/src/config.type.ts:224](https://github.com/mermaid-js/mermaid/blob/master/packages/mermaid/src/config.type.ts#L224)
 
 ---
 
@@ -376,7 +396,7 @@ Defined in: [packages/mermaid/src/config.type.ts:209](https://github.com/mermaid
 
 > `optional` **secure**: `string`\[]
 
-Defined in: [packages/mermaid/src/config.type.ts:158](https://github.com/mermaid-js/mermaid/blob/master/packages/mermaid/src/config.type.ts#L158)
+Defined in: [packages/mermaid/src/config.type.ts:173](https://github.com/mermaid-js/mermaid/blob/master/packages/mermaid/src/config.type.ts#L173)
 
 This option controls which `currentConfig` keys are considered secure and
 can only be changed via call to `mermaid.initialize`.
@@ -398,7 +418,7 @@ Level of trust for parsed diagram
 
 > `optional` **sequence**: `SequenceDiagramConfig`
 
-Defined in: [packages/mermaid/src/config.type.ts:193](https://github.com/mermaid-js/mermaid/blob/master/packages/mermaid/src/config.type.ts#L193)
+Defined in: [packages/mermaid/src/config.type.ts:208](https://github.com/mermaid-js/mermaid/blob/master/packages/mermaid/src/config.type.ts#L208)
 
 ---
 
@@ -406,7 +426,7 @@ Defined in: [packages/mermaid/src/config.type.ts:193](https://github.com/mermaid
 
 > `optional` **startOnLoad**: `boolean`
 
-Defined in: [packages/mermaid/src/config.type.ts:145](https://github.com/mermaid-js/mermaid/blob/master/packages/mermaid/src/config.type.ts#L145)
+Defined in: [packages/mermaid/src/config.type.ts:160](https://github.com/mermaid-js/mermaid/blob/master/packages/mermaid/src/config.type.ts#L160)
 
 Dictates whether mermaid starts on Page load
 
@@ -416,7 +436,7 @@ Dictates whether mermaid starts on Page load
 
 > `optional` **state**: `StateDiagramConfig`
 
-Defined in: [packages/mermaid/src/config.type.ts:198](https://github.com/mermaid-js/mermaid/blob/master/packages/mermaid/src/config.type.ts#L198)
+Defined in: [packages/mermaid/src/config.type.ts:213](https://github.com/mermaid-js/mermaid/blob/master/packages/mermaid/src/config.type.ts#L213)
 
 ---
 
@@ -424,7 +444,7 @@ Defined in: [packages/mermaid/src/config.type.ts:198](https://github.com/mermaid
 
 > `optional` **suppressErrorRendering**: `boolean`
 
-Defined in: [packages/mermaid/src/config.type.ts:222](https://github.com/mermaid-js/mermaid/blob/master/packages/mermaid/src/config.type.ts#L222)
+Defined in: [packages/mermaid/src/config.type.ts:237](https://github.com/mermaid-js/mermaid/blob/master/packages/mermaid/src/config.type.ts#L237)
 
 Suppresses inserting 'Syntax error' diagram in the DOM.
 This is useful when you want to control how to handle syntax errors in your application.
@@ -462,7 +482,7 @@ Defined in: [packages/mermaid/src/config.type.ts:65](https://github.com/mermaid-
 
 > `optional` **timeline**: `TimelineDiagramConfig`
 
-Defined in: [packages/mermaid/src/config.type.ts:196](https://github.com/mermaid-js/mermaid/blob/master/packages/mermaid/src/config.type.ts#L196)
+Defined in: [packages/mermaid/src/config.type.ts:211](https://github.com/mermaid-js/mermaid/blob/master/packages/mermaid/src/config.type.ts#L211)
 
 ---
 
@@ -470,7 +490,7 @@ Defined in: [packages/mermaid/src/config.type.ts:196](https://github.com/mermaid
 
 > `optional` **wrap**: `boolean`
 
-Defined in: [packages/mermaid/src/config.type.ts:214](https://github.com/mermaid-js/mermaid/blob/master/packages/mermaid/src/config.type.ts#L214)
+Defined in: [packages/mermaid/src/config.type.ts:229](https://github.com/mermaid-js/mermaid/blob/master/packages/mermaid/src/config.type.ts#L229)
 
 ---
 
@@ -478,4 +498,4 @@ Defined in: [packages/mermaid/src/config.type.ts:214](https://github.com/mermaid
 
 > `optional` **xyChart**: `XYChartConfig`
 
-Defined in: [packages/mermaid/src/config.type.ts:202](https://github.com/mermaid-js/mermaid/blob/master/packages/mermaid/src/config.type.ts#L202)
+Defined in: [packages/mermaid/src/config.type.ts:217](https://github.com/mermaid-js/mermaid/blob/master/packages/mermaid/src/config.type.ts#L217)
diff --git a/packages/mermaid/src/config.type.ts b/packages/mermaid/src/config.type.ts
index 79fadd19531..66eec8f65a3 100644
--- a/packages/mermaid/src/config.type.ts
+++ b/packages/mermaid/src/config.type.ts
@@ -139,6 +139,21 @@ export interface MermaidConfig {
    * Level of trust for parsed diagram
    */
   securityLevel?: 'strict' | 'loose' | 'antiscript' | 'sandbox';
+  /**
+   * Base URL for resolving relative links in sandbox mode.
+   *
+   * When securityLevel is 'sandbox', relative URLs in diagram links cannot be resolved
+   * because data: URIs have no base URL context. Providing sandboxBaseUrl enables Mermaid
+   * to pre-resolve all relative URLs to absolute URLs before embedding in the sandbox iframe.
+   *
+   * This option only applies when securityLevel is 'sandbox'.
+   *
+   * Example: If your page is at https://example.com/docs/diagrams/arch.html,
+   * set sandboxBaseUrl to 'https://example.com/docs/diagrams/' to enable relative links
+   * like './details.html' to work correctly.
+   *
+   */
+  sandboxBaseUrl?: string;
   /**
    * Dictates whether mermaid starts on Page load
    */
diff --git a/packages/mermaid/src/mermaidAPI.ts b/packages/mermaid/src/mermaidAPI.ts
index 80deda740fc..2544b0ac8a2 100644
--- a/packages/mermaid/src/mermaidAPI.ts
+++ b/packages/mermaid/src/mermaidAPI.ts
@@ -24,6 +24,7 @@ import theme from './themes/index.js';
 import type { D3Element, ParseOptions, ParseResult, RenderResult } from './types.js';
 import { decodeEntities } from './utils.js';
 import { toBase64 } from './utils/base64.js';
+import { resolveRelativeUrlsInElement } from './utils/sandboxUrl.js';
 
 const MAX_TEXTLENGTH = 50_000;
 const MAX_TEXTLENGTH_EXCEEDED_MSG =
@@ -212,6 +213,7 @@ export const putIntoIFrame = (svgCode = '', svgElement?: D3Element): string => {
   const height = svgElement?.viewBox?.baseVal?.height
     ? svgElement.viewBox.baseVal.height + 'px'
     : IFRAME_HEIGHT;
+
   const base64encodedSrc = toBase64(`<body style="${IFRAME_BODY_STYLE}">${svgCode}</body>`);
   return `<iframe style="width:${IFRAME_WIDTH};height:${height};${IFRAME_STYLES}" src="data:text/html;charset=UTF-8;base64,${base64encodedSrc}" sandbox="${IFRAME_SANDBOX_OPTS}">
   ${IFRAME_NOT_SUPPORTED_MSG}
@@ -439,6 +441,13 @@ const render = async function (
   // Clean up SVG code
   root.select(`[id="${id}"]`).selectAll('foreignobject > *').attr('xmlns', XMLNS_XHTML_STD);
 
+  // Resolve relative URLs in sandbox mode before extracting innerHTML
+  // This must happen before serialization to avoid parse/serialize round-trip
+  const svgEl = root.select(enclosingDivID_selector + ' svg').node();
+  if (isSandboxed && config.sandboxBaseUrl) {
+    resolveRelativeUrlsInElement(svgEl, config.sandboxBaseUrl);
+  }
+
   // Fix for when the base tag is used
   let svgCode: string = root.select(enclosingDivID_selector).node().innerHTML;
 
@@ -446,7 +455,6 @@ const render = async function (
   svgCode = cleanUpSvgCode(svgCode, isSandboxed, evaluate(config.arrowMarkerAbsolute));
 
   if (isSandboxed) {
-    const svgEl = root.select(enclosingDivID_selector + ' svg').node();
     svgCode = putIntoIFrame(svgCode, svgEl);
   } else if (!isLooseSecurityLevel) {
     // Sanitize the svgCode using DOMPurify
diff --git a/packages/mermaid/src/schemas/config.schema.yaml b/packages/mermaid/src/schemas/config.schema.yaml
index 4b75c9704bf..7acff1c1a43 100644
--- a/packages/mermaid/src/schemas/config.schema.yaml
+++ b/packages/mermaid/src/schemas/config.schema.yaml
@@ -207,6 +207,20 @@ properties:
         This prevent any JavaScript from running in the context.
         This may hinder interactive functionality of the diagram, like scripts, popups in the sequence diagram, or links to other tabs or targets, etc.
     default: strict
+  sandboxBaseUrl:
+    description: |
+      Base URL for resolving relative links in sandbox mode.
+
+      When securityLevel is 'sandbox', relative URLs in diagram links cannot be resolved
+      because data: URIs have no base URL context. Providing sandboxBaseUrl enables Mermaid
+      to pre-resolve all relative URLs to absolute URLs before embedding in the sandbox iframe.
+
+      This option only applies when securityLevel is 'sandbox'.
+
+      Example: If your page is at https://example.com/docs/diagrams/arch.html,
+      set sandboxBaseUrl to 'https://example.com/docs/diagrams/' to enable relative links
+      like './details.html' to work correctly.
+    type: string
   startOnLoad:
     description: Dictates whether mermaid starts on Page load
     type: boolean
@@ -231,6 +245,7 @@ properties:
         'maxTextSize',
         'suppressErrorRendering',
         'maxEdges',
+        'sandboxBaseUrl',
       ]
     type: array
     items:
diff --git a/packages/mermaid/src/utils/sandboxUrl.spec.ts b/packages/mermaid/src/utils/sandboxUrl.spec.ts
new file mode 100644
index 00000000000..6b09ae431e6
--- /dev/null
+++ b/packages/mermaid/src/utils/sandboxUrl.spec.ts
@@ -0,0 +1,206 @@
+import { describe, expect, it } from 'vitest';
+import { isAbsoluteUrl, resolveRelativeUrlsInElement } from './sandboxUrl.js';
+
+describe('isAbsoluteUrl', () => {
+  it('should return true for http:// URLs', () => {
+    expect(isAbsoluteUrl('http://example.com')).toBe(true);
+    expect(isAbsoluteUrl('http://example.com/page.html')).toBe(true);
+  });
+
+  it('should return true for https:// URLs', () => {
+    expect(isAbsoluteUrl('https://example.com')).toBe(true);
+    expect(isAbsoluteUrl('https://example.com/page.html')).toBe(true);
+  });
+
+  it('should return true for other protocol schemes', () => {
+    expect(isAbsoluteUrl('mailto:user@example.com')).toBe(true);
+    expect(isAbsoluteUrl('javascript:void(0)')).toBe(true);
+    expect(isAbsoluteUrl('data:text/html,<h1>Hello</h1>')).toBe(true);
+    expect(isAbsoluteUrl('ftp://example.com/file')).toBe(true);
+  });
+
+  it('should return true for protocol-relative URLs', () => {
+    expect(isAbsoluteUrl('//example.com')).toBe(true);
+    expect(isAbsoluteUrl('//cdn.example.com/resource.js')).toBe(true);
+  });
+
+  it('should return false for relative paths', () => {
+    expect(isAbsoluteUrl('./page.html')).toBe(false);
+    expect(isAbsoluteUrl('../other.html')).toBe(false);
+    expect(isAbsoluteUrl('page.html')).toBe(false);
+    expect(isAbsoluteUrl('folder/page.html')).toBe(false);
+  });
+
+  it('should return false for absolute paths (without protocol)', () => {
+    expect(isAbsoluteUrl('/root.html')).toBe(false);
+    expect(isAbsoluteUrl('/docs/guide.html')).toBe(false);
+  });
+
+  it('should return false for hash links', () => {
+    expect(isAbsoluteUrl('#section')).toBe(false);
+    expect(isAbsoluteUrl('#')).toBe(false);
+  });
+});
+
+describe('resolveRelativeUrlsInElement', () => {
+  const baseUrl = 'https://example.com/docs/diagrams/';
+
+  // Helper to create an SVG element from string
+  function createSvgElement(svgString: string): Element {
+    const parser = new DOMParser();
+    const doc = parser.parseFromString(svgString, 'image/svg+xml');
+    return doc.documentElement;
+  }
+
+  // Helper to get href from first anchor in element
+  function getFirstHref(element: Element): string | null {
+    const anchor = element.querySelector('a');
+    return anchor?.getAttribute('href') ?? null;
+  }
+
+  // Helper to get xlink:href from first anchor in element
+  function getFirstXlinkHref(element: Element): string | null {
+    const anchor = element.querySelector('a');
+    return anchor?.getAttributeNS('http://www.w3.org/1999/xlink', 'href') ?? null;
+  }
+
+  it('should resolve relative paths (./) in href attributes', () => {
+    const svg = createSvgElement('<svg><a href="./page.html">Link</a></svg>');
+    resolveRelativeUrlsInElement(svg, baseUrl);
+    expect(getFirstHref(svg)).toBe('https://example.com/docs/diagrams/page.html');
+  });
+
+  it('should resolve relative paths (./) in xlink:href attributes', () => {
+    const svg = createSvgElement(
+      '<svg xmlns:xlink="http://www.w3.org/1999/xlink"><a xlink:href="./page.html">Link</a></svg>'
+    );
+    resolveRelativeUrlsInElement(svg, baseUrl);
+    expect(getFirstXlinkHref(svg)).toBe('https://example.com/docs/diagrams/page.html');
+  });
+
+  it('should resolve parent directory paths (../)', () => {
+    const svg = createSvgElement('<svg><a href="../other.html">Link</a></svg>');
+    resolveRelativeUrlsInElement(svg, baseUrl);
+    expect(getFirstHref(svg)).toBe('https://example.com/docs/other.html');
+  });
+
+  it('should resolve absolute paths (/)', () => {
+    const svg = createSvgElement('<svg><a href="/root.html">Link</a></svg>');
+    resolveRelativeUrlsInElement(svg, baseUrl);
+    expect(getFirstHref(svg)).toBe('https://example.com/root.html');
+  });
+
+  it('should resolve hash links against base URL', () => {
+    const svg = createSvgElement('<svg><a href="#section">Link</a></svg>');
+    const baseUrlWithFile = 'https://example.com/docs/index.html';
+    resolveRelativeUrlsInElement(svg, baseUrlWithFile);
+    expect(getFirstHref(svg)).toBe('https://example.com/docs/index.html#section');
+  });
+
+  it('should not modify absolute URLs with http://', () => {
+    const svg = createSvgElement('<svg><a href="http://other.com/page">Link</a></svg>');
+    resolveRelativeUrlsInElement(svg, baseUrl);
+    expect(getFirstHref(svg)).toBe('http://other.com/page');
+  });
+
+  it('should not modify absolute URLs with https://', () => {
+    const svg = createSvgElement('<svg><a href="https://other.com/page">Link</a></svg>');
+    resolveRelativeUrlsInElement(svg, baseUrl);
+    expect(getFirstHref(svg)).toBe('https://other.com/page');
+  });
+
+  it('should not modify protocol-relative URLs', () => {
+    const svg = createSvgElement('<svg><a href="//cdn.example.com/resource">Link</a></svg>');
+    resolveRelativeUrlsInElement(svg, baseUrl);
+    expect(getFirstHref(svg)).toBe('//cdn.example.com/resource');
+  });
+
+  it('should not modify mailto: URLs', () => {
+    const svg = createSvgElement('<svg><a href="mailto:user@example.com">Email</a></svg>');
+    resolveRelativeUrlsInElement(svg, baseUrl);
+    expect(getFirstHref(svg)).toBe('mailto:user@example.com');
+  });
+
+  it('should not modify javascript: URLs', () => {
+    const svg = createSvgElement('<svg><a href="javascript:void(0)">Link</a></svg>');
+    resolveRelativeUrlsInElement(svg, baseUrl);
+    expect(getFirstHref(svg)).toBe('javascript:void(0)');
+  });
+
+  it('should handle both href and xlink:href in the same SVG', () => {
+    const svg = createSvgElement(`<svg xmlns:xlink="http://www.w3.org/1999/xlink">
+      <a href="./a.html">A</a>
+      <a xlink:href="./b.html">B</a>
+    </svg>`);
+    resolveRelativeUrlsInElement(svg, baseUrl);
+
+    const anchors = svg.querySelectorAll('a');
+    expect(anchors[0].getAttribute('href')).toBe('https://example.com/docs/diagrams/a.html');
+    expect(anchors[1].getAttributeNS('http://www.w3.org/1999/xlink', 'href')).toBe(
+      'https://example.com/docs/diagrams/b.html'
+    );
+  });
+
+  it('should handle multiple links with mixed URLs', () => {
+    const svg = createSvgElement(`<svg xmlns:xlink="http://www.w3.org/1999/xlink">
+      <a href="./relative.html">Relative</a>
+      <a href="https://absolute.com">Absolute</a>
+      <a xlink:href="../parent.html">Parent</a>
+      <a xlink:href="//protocol-relative.com">Protocol</a>
+    </svg>`);
+    resolveRelativeUrlsInElement(svg, baseUrl);
+
+    const anchors = svg.querySelectorAll('a');
+    expect(anchors[0].getAttribute('href')).toBe('https://example.com/docs/diagrams/relative.html');
+    expect(anchors[1].getAttribute('href')).toBe('https://absolute.com');
+    expect(anchors[2].getAttributeNS('http://www.w3.org/1999/xlink', 'href')).toBe(
+      'https://example.com/docs/parent.html'
+    );
+    expect(anchors[3].getAttributeNS('http://www.w3.org/1999/xlink', 'href')).toBe(
+      '//protocol-relative.com'
+    );
+  });
+
+  it('should handle SVG with no links (no-op)', () => {
+    const svg = createSvgElement('<svg><rect width="100" height="100"/></svg>');
+    // Should not throw
+    resolveRelativeUrlsInElement(svg, baseUrl);
+    expect(svg.querySelector('rect')).not.toBeNull();
+  });
+
+  it('should resolve simple file names without ./', () => {
+    const svg = createSvgElement('<svg><a href="page.html">Link</a></svg>');
+    resolveRelativeUrlsInElement(svg, baseUrl);
+    expect(getFirstHref(svg)).toBe('https://example.com/docs/diagrams/page.html');
+  });
+
+  it('should handle nested elements with links', () => {
+    const svg = createSvgElement(`<svg>
+      <g>
+        <a href="./nested.html">
+          <text>Nested Link</text>
+        </a>
+      </g>
+    </svg>`);
+    resolveRelativeUrlsInElement(svg, baseUrl);
+    expect(getFirstHref(svg)).toBe('https://example.com/docs/diagrams/nested.html');
+  });
+
+  it('should leave href unchanged when URL resolution fails with invalid base', () => {
+    const svg = createSvgElement('<svg><a href="./page.html">Link</a></svg>');
+    // Invalid base URL that will cause URL constructor to fail
+    resolveRelativeUrlsInElement(svg, 'not-a-valid-url');
+    // Original href should be preserved
+    expect(getFirstHref(svg)).toBe('./page.html');
+  });
+
+  it('should leave xlink:href unchanged when URL resolution fails with invalid base', () => {
+    const svg = createSvgElement(
+      '<svg xmlns:xlink="http://www.w3.org/1999/xlink"><a xlink:href="./page.html">Link</a></svg>'
+    );
+    // Invalid base URL that will cause URL constructor to fail
+    resolveRelativeUrlsInElement(svg, 'not-a-valid-url');
+    // Original xlink:href should be preserved
+    expect(getFirstXlinkHref(svg)).toBe('./page.html');
+  });
+});
diff --git a/packages/mermaid/src/utils/sandboxUrl.ts b/packages/mermaid/src/utils/sandboxUrl.ts
new file mode 100644
index 00000000000..ece5569287a
--- /dev/null
+++ b/packages/mermaid/src/utils/sandboxUrl.ts
@@ -0,0 +1,78 @@
+/**
+ * Utilities for resolving relative URLs in sandbox mode.
+ *
+ * When securityLevel is 'sandbox', diagrams are rendered inside a data: URI iframe.
+ * Data URIs have no base URL context, so relative URLs in diagram links
+ * (e.g., "./page.html") cannot be resolved by the browser.
+ *
+ * This module provides functionality to pre-resolve relative URLs to absolute URLs
+ * before the SVG is serialized and embedded in the sandbox iframe.
+ */
+
+const XLINK_NS = 'http://www.w3.org/1999/xlink';
+
+/**
+ * Checks if a URL is absolute (should not be modified).
+ *
+ * A URL is considered absolute if it:
+ * - Starts with a protocol scheme (http://, https://, mailto:, etc.)
+ * - Starts with protocol-relative prefix (//)
+ *
+ * @param url - The URL to check
+ * @returns true if the URL is absolute
+ */
+export function isAbsoluteUrl(url: string): boolean {
+  // Protocol schemes (http:, https:, mailto:, javascript:, data:, etc.)
+  if (/^[A-Za-z][\d+.A-Za-z-]*:/.test(url)) {
+    return true;
+  }
+  // Protocol-relative URLs
+  if (url.startsWith('//')) {
+    return true;
+  }
+  return false;
+}
+
+/**
+ * Resolves relative URLs in a DOM element (in place) against a base URL.
+ * Used for sandbox mode to enable link navigation from data URI iframes.
+ *
+ * This function finds all elements with href or xlink:href attributes
+ * and resolves relative URLs to absolute URLs using the provided base URL.
+ * The element is mutated directly - no return value.
+ *
+ * @param element - The DOM element (typically an SVG) to process
+ * @param baseUrl - The base URL to resolve relative URLs against
+ */
+export function resolveRelativeUrlsInElement(element: Element, baseUrl: string): void {
+  // Find all elements with href or xlink:href attributes
+  // We need to handle both standard href and xlink:href (used in SVG)
+  const elementsWithHref = element.querySelectorAll('[href]');
+  const elementsWithXlinkHref = element.querySelectorAll('[*|href]');
+
+  // Process regular href attributes
+  for (const el of elementsWithHref) {
+    const href = el.getAttribute('href');
+    if (href && !isAbsoluteUrl(href)) {
+      try {
+        const absoluteUrl = new URL(href, baseUrl).href;
+        el.setAttribute('href', absoluteUrl);
+      } catch {
+        // If URL resolution fails, leave the original href unchanged
+      }
+    }
+  }
+
+  // Process xlink:href attributes (common in SVG)
+  for (const el of elementsWithXlinkHref) {
+    const xlinkHref = el.getAttributeNS(XLINK_NS, 'href');
+    if (xlinkHref && !isAbsoluteUrl(xlinkHref)) {
+      try {
+        const absoluteUrl = new URL(xlinkHref, baseUrl).href;
+        el.setAttributeNS(XLINK_NS, 'xlink:href', absoluteUrl);
+      } catch {
+        // If URL resolution fails, leave the original href unchanged
+      }
+    }
+  }
+}