harden link checker before accepting click

diff --git a/src/textview.c b/src/textview.c
index 62ad46eaf6735fc368aeb8dc569ead7ad9cd2b50..3cdf5d911ad91119d8c146f5e655e21876e2535a 100644 (file)
--- a/src/textview.c
+++ b/src/textview.c
@@ -2885,7 +2885,7 @@ gboolean textview_uri_security_check(TextView *textview, ClickableText *uri)
        gboolean retval = TRUE;
 
        if (is_uri_string(uri->uri) == FALSE)
-               return TRUE;
+               return FALSE;
 
        visible_str = textview_get_visible_uri(textview, uri);
        if (visible_str == NULL)
@@ -2922,6 +2922,8 @@ gboolean textview_uri_security_check(TextView *textview, ClickableText *uri)
                if (aval == G_ALERTALTERNATE)
                        retval = TRUE;
        }
+       if (strlen(uri->uri) > get_uri_len(uri->uri))
+               retval = FALSE;
 
        g_free(visible_str);