Outlook Advanced Threat Protection is breaking links with "(" and ")" characters


Today, I noticed that Outlook's Advanced Threat Protection feature, which rewrites links to "safelinks.protection.outlook.com", is breaking links that contain "(" and ")" characters.

 

This affects a couple of applications, e.g. JIRA:

https://my-jira-instance.com/issues/?jql=status%20in%20(Open%2C%20Accepted)

 

All applications developed with the Angular framework are also affected in the default configuration if they use named router outlets (sample URL: http://base-path/primary-route-path(outlet-name:route-path, more information here: https://angular.io/api/router/RouterOutlet)

 

This is causing problems for a customer of one of our applications.

 

"(" and ")" in URLs are perfectly legal and do not need to be escaped according to RFC 1738

https://www.ietf.org/rfc/rfc1738.txt  (section 2.2)

 

"Thus, only alphanumerics, the special characters "$-_.+!*'(),", and reserved characters used for their reserved purposes may be used unencoded within a URL."

 

Is there any other fix for this than disabling link protection selectively?
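A way to check what a Safe Links rewrite did to a link such as the JIRA one above, added here as an example and not part of the original post: it reads the original target back from the wrapper's `url` query parameter and compares it with the link that was sent. The `nam00` host label and both wrapped links are constructed samples, and the truncated one is an assumed failure shape for illustration, not observed Safe Links output.

```python
from urllib.parse import urlsplit, parse_qs, quote

SAFELINKS_SUFFIX = ".safelinks.protection.outlook.com"

def unwrap(link):
    """Return the original target carried in a Safe Links wrapper, or None."""
    parts = urlsplit(link)
    if not (parts.hostname or "").endswith(SAFELINKS_SUFFIX):
        return None
    # parse_qs percent-decodes once, which undoes the wrapper's own encoding
    values = parse_qs(parts.query).get("url")
    return values[0] if values else None

def compare(original, rewritten):
    """Classify what the rewrite did to the original URL."""
    target = unwrap(rewritten)
    if target is None:
        return "not-wrapped"
    if target == original:
        return "intact"
    if original.startswith(target):
        # Report the first character that was lost
        return "truncated at %r" % original[len(target)]
    return "altered"

# Link from the post
ORIGINAL = "https://my-jira-instance.com/issues/?jql=status%20in%20(Open%2C%20Accepted)"

# Constructed wrappers (host label "nam00" is a placeholder)
BASE = "https://nam00.safelinks.protection.outlook.com/?url="
# Whole target percent-encoded, so "(" becomes %28 and "%" becomes %25
GOOD = BASE + quote(ORIGINAL, safe="") + "&reserved=0"
# Assumed failure shape: target cut off at the first "("
BROKEN = BASE + quote(ORIGINAL.split("(")[0], safe="") + "&reserved=0"

if __name__ == "__main__":
    for name, link in (("good", GOOD), ("broken", BROKEN), ("plain", ORIGINAL)):
        print(name, "->", compare(ORIGINAL, link))
```

Running it against the link as sent and the link as received shows whether the target was changed inside the wrapper or somewhere else in the mail path.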
