From b7127541a333d115756a27d61b6e998004f58c04 Mon Sep 17 00:00:00 2001
From: gorhill <rhill@raymondhill.net>
Date: Fri, 8 Dec 2017 08:21:26 -0500
Subject: [PATCH] finally complete fix for #319

---
 src/js/contentscript.js | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/js/contentscript.js b/src/js/contentscript.js
index 4717065..f802287 100644
--- a/src/js/contentscript.js
+++ b/src/js/contentscript.js
@@ -474,16 +474,19 @@ var nodeListsAddedHandler = function(nodeLists) {
     if ( noscripts.length === 0 ) { return; }
 
     var redirectTimer,
-        reMetaContent = /^\s*(\d+)\s*;\s*url=(['"]?)(https?:\/\/[^'"]+)\2/;
+        reMetaContent = /^\s*(\d+)\s*;\s*url=(['"]?)([^'"]+)\2/,
+        reSafeURL = /^https?:\/\//;
 
     var autoRefresh = function(root) {
         var meta = root.querySelector('meta[http-equiv="refresh"][content]');
         if ( meta === null ) { return; }
         var match = reMetaContent.exec(meta.getAttribute('content'));
         if ( match === null || match[3].trim() === '' ) { return; }
+        var url = new URL(match[3], document.baseURI);
+        if ( reSafeURL.test(url.href) === false ) { return; }
         redirectTimer = setTimeout(
             function() {
-                location.assign(match[3]);
+                location.assign(url.href);
             },
             parseInt(match[1], 10) * 1000 + 1
         );