diff -r 9e41dd502922 -r c76b490587d4 pidgin/win32/gtkwin32dep.c
--- a/pidgin/win32/gtkwin32dep.c	Thu Oct 25 17:58:36 2012 +0200
+++ b/pidgin/win32/gtkwin32dep.c	Sat Jan 19 14:41:03 2013 -0500
@@ -171,10 +171,19 @@
 }
 
 void winpidgin_notify_uri(const char *uri) {
-	/* We'll allow whatever URI schemes are supported by the
-	 * default http browser.
+	/* Allow a few commonly used and "safe" schemes to go to the specific
+	 * class handlers and send everything else to the default http browser.
+	 * This isn't optimal, but should cover the most common cases. I didn't
+	 * see any better secure solutions when I did some research.
 	 */
-	winpidgin_shell_execute(uri, "open", "http");
+	gchar *scheme = g_uri_parse_scheme(uri);
+	if (scheme && (g_ascii_strcasecmp(scheme, "https") == 0
+			|| g_ascii_strcasecmp(scheme, "ftp") == 0
+			|| g_ascii_strcasecmp(scheme, "mailto") == 0))
+		winpidgin_shell_execute(uri, "open", scheme);
+	else
+		winpidgin_shell_execute(uri, "open", "http");
+	g_free(scheme);
 }
 
 #define PIDGIN_WM_FOCUS_REQUEST (WM_APP + 13)