Outlook Advanced Threat Protection is breaking links with "(" and ")" characters

Copper Contributor

Today, I noticed that Outlook's Advanced Threat Protection feature, which rewrites links to "safelinks.protection.outlook.com", is breaking links that contain "(" and ")" characters.


This affects a couple of applications, e.g. JIRA:



All applications developed with the Angular framework are also affected in the default configuration if they use named router outlets (sample URL: http://base-path/primary-route-path(outlet-name:route-path, more information here: https://angular.io/api/router/RouterOutlet)


This is causing problems for a customer of one of our applications.


"(" and ")" in URLs are perfectly legal and do not need to be escaped according to RFC 1738

https://www.ietf.org/rfc/rfc1738.txt  (section 2.2)


"Thus, only alphanumerics, the special characters "$-_.+!*'(),", and reserved characters used for their reserved purposes may be used unencoded within a URL."


Is there any other fix for this than disabling link protection selectively?

0 Replies