Fix: Abort redirections and META-refresh for URLs marke "local".

2 files changed, 14 insertions, 4 deletions

diff --git a/src/cache.c b/src/cache.c
index 04c8d356..14e862b5 100644
--- a/src/cache.c
+++ b/src/cache.c
@@ -953,14 +953,20 @@ static int Cache_redirect(CacheEntry_t *entry, int Flags, BrowserWindow *bw)
 
    _MSG(" Cache_redirect: redirect_level = %d\n", bw->redirect_level);
 
+   /* Don't allow redirection for SpamSafe/local URLs */
+   if (URL_FLAGS(entry->Url) & URL_SpamSafe) {
+      a_UIcmd_set_msg(bw, "WARNING: local URL with redirection.  Aborting.");
+      return 0;
+   }
+
    /* if there's a redirect loop, stop now */
    if (bw->redirect_level >= 5)
       entry->Flags |= CA_RedirectLoop;
 
    if (entry->Flags & CA_RedirectLoop) {
-     a_UIcmd_set_msg(bw, "ERROR: redirect loop for: %s", URL_STR_(entry->Url));
-     bw->redirect_level = 0;
-     return 0;
+      a_UIcmd_set_msg(bw, "ERROR: redirect loop for: %s", URL_STR_(entry->Url));
+      bw->redirect_level = 0;
+      return 0;
    }
 
    if ((entry->Flags & CA_Redirect && entry->Location) &&
diff --git a/src/html.cc b/src/html.cc
index 15c37576..a8c70879 100644
--- a/src/html.cc
+++ b/src/html.cc
@@ -3172,8 +3172,12 @@ static void Html_tag_open_meta(DilloHtml *html, const char *tag, int tagsize)
          } else if (delay == 0) {
             /* zero-delay redirection */
             html->stop_parser = true;
-            if (a_Capi_dpi_verify_request(html->bw, new_url))
+            if (URL_FLAGS(html->base_url) & URL_SpamSafe) {
+               a_UIcmd_set_msg(html->bw,
+                  "WARNING: local URL with META refresh.  Aborting.");
+            } else if (a_Capi_dpi_verify_request(html->bw, new_url)) {
                a_UIcmd_redirection0((void*)html->bw, new_url);
+            }
          } else {
             /* Send a custom HTML message.
              * TODO: This is a hairy hack,