Jul 19 2022
Today, I noticed that Outlook's Advanced Threat Protection feature, which rewrites links to "safelinks.protection.outlook.com", is breaking links that contain "(" and ")" characters.
This affects a couple of applications, e.g. JIRA:
All applications developed with the Angular framework are also affected in the default configuration if they use named router outlets (sample URL: http://base-path/primary-route-path(outlet-name:route-path, more information here: https://angular.io/api/router/RouterOutlet)
This is causing problems for a customer of one of our applications.
"(" and ")" in URLs are perfectly legal and do not need to be escaped according to RFC 1738
https://www.ietf.org/rfc/rfc1738.txt (section 2.2)
"Thus, only alphanumerics, the special characters "$-_.+!*'(),", and reserved characters used for their reserved purposes may be used unencoded within a URL."
Is there any other fix for this than disabling link protection selectively?