If you use the {mailto} plugin in your templates, please check if you are escaping the address value explicitly like this {mailto address=$htmladdress|escape}. This could cause problems through double escaping.
Security
- Applied appropriate javascript and html escaping in mailto plugin to counter injection attacks #454