By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of mailto links) can make Evolution attach local files or directories to a composed email message without showing a warning to the user, as demonstrated by an attach=. value. Upstream Issue: https://gitlab.gnome.org/GNOME/evolution/-/issues/784
Created evolution tracking bugs for this issue: Affects: fedora-31 [bug 1867606]
Mitigation: Either: 1. Do not use mailto links at all 2. Always double-check in the user interface that there are no unwanted attachments before sending emails; especially when the email originates from clicking a mailto link.
I wrote some reasons why not to fix this into [1]. Simply, (as you said) some users see it a problem, some not. The added extra warning may or may not warn the users, make then cautious, but as the [1] says, there are users considering the warning redundant. Similarly as there, I do not have any problem backporting to RHEL-s, but... [1] https://bugzilla.redhat.com/show_bug.cgi?id=1867606#c2