Apple's use of WebKit doesn't check for URL redirects, displays ads
I don't think there's anything that can be done about this, as it's a weakness in Apple's use of WebKit on iPhone (haven't checked desktop) and any mobile apps that use their default web implementation internally (e.g. Mail.app).
- 2 devices on same LAN, centrally protected by the same NextDNS account
- example pitting Linux w/Thunderbird email vs iPhone w/Apple Mail.app, plus assorted browsers on each platform
- Regular coupon/offer emails come in from harborfreight, filled with marketing tracking links
- NextDNS allowlist includes clicks.harborfreight.com so we can actually see the bug/effect (rather than having it stopped before the redirect can be observed)
- Thunderbird on Linux sees these embedded image links, sees that they forward to sketchy-sounding metrics hosts (e.g. em.dynamicyield.com and micpn.com) and refuses them with the privacy page (yay)
- if the URLs are copied from the email into Linux Firefox or Brave, they also block (yay)
- the iPhone Mail app sees the same links, doesn't care about their internal redirects, and renders the coupon images (boo)
- if the URLs are copied from the email into iPhone Safari, they also render (boo)
- but if I try them in Brave (or Duck or Firefox) on iPhone they get rejected like they should. (yay)
This is totally on Apple's use of WebKit, in that they fail to check the URLs for redirects. And it's interesting that other iOS browsers, which are all forced to use WebKit afaik, have better implementations that DO look at the forwards.
Here's an example of a HF link that redirects to a metrics site, in case you want to play with it:
<https://clicks.harborfreight.com/f/a/sbD91CLThml2xwHH2kiMgw~~/AAQRxRA~/gcdzEg3QR4xTyNjHdNHjg3sXkpaLYiL3wjTj8CCYBw2Z6lmaNIDCyrHYNoAJRq3C-cEMMPh0XFQwxJe9q_zsp8sp1D-tLNx8JCoPfYy1R2t9KOCMxnvc2y3ZvHspWNp1oh0w5tZ8Wm63Sii2NjbwtA1ZRStM_b1dlJqujUM2mDJgZpkIkaLcZPiIKvSMFdyv_Y57sylHKG5N5w8mbIfPcHOo7g6HlrfnsP5fjhuzct7cY1e_RNztg7Mm18JMfEcMVpqej1rgSU0cCgsnfA83Q-OOZ3ca5ztMSigPHkE-_GUaxdFmY75AX4Keb8ms22EI6TNbHADbJ-oi_wefDTsCuTk0NikXQDFcVJaeKCwQuM2Puw5OP5PpAh22h5QRW7aveq9COdoIHeAUDJNSFlONHrQYM2jmwozn37_tMDxVzo2tr7JOEhAUi4T5z3RPtur5bcbLehpCQmnm-NKkqLhZwG-f6WRAvFxGfCH6XOvo3SY~>
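An added example, not part of the original post and not NextDNS or WebKit code: a per-hop hostname check over a redirect chain, contrasting a client that checks only the first URL with one that checks every redirect target. The hostnames are the ones named in the post; the paths, the `SAMPLE` responses, the list contents and the function names are constructed assumptions.

```python
from urllib.parse import urljoin, urlsplit

# Constructed policy mirroring the post: click host allowlisted, metrics hosts blocked.
ALLOWLIST = {"clicks.harborfreight.com"}
BLOCKLIST = {"em.dynamicyield.com", "micpn.com"}

# Constructed stand-in for HTTP: URL -> Location header (absent = final content).
FIRST = "https://clicks.harborfreight.com/f/a/EXAMPLE"
SAMPLE = {
    FIRST: "https://em.dynamicyield.com/constructed/redirect",
    "https://em.dynamicyield.com/constructed/redirect": "/constructed/coupon.png",
}

def matches(host, domains):
    """True if host equals a listed domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def verdict(host):
    """Allowlist takes precedence over blocklist; unlisted hosts are allowed."""
    if matches(host, ALLOWLIST):
        return "allow"
    return "block" if matches(host, BLOCKLIST) else "allow"

def audit_chain(start_url, responses, check_every_hop=True, max_hops=10):
    """Walk Location headers hop by hop and return [(host, verdict), ...].

    With check_every_hop=False only the first URL is evaluated, which models
    the behaviour the post describes; later hops are recorded as "unchecked".
    """
    trail, seen, url = [], set(), start_url
    for hop in range(max_hops):
        host = urlsplit(url).hostname or ""
        if url in seen:  # redirect loop guard
            trail.append((host, "loop"))
            break
        seen.add(url)
        v = verdict(host) if (check_every_hop or hop == 0) else "unchecked"
        trail.append((host, v))
        if v == "block":
            break  # a per-hop checker stops before fetching this target
        location = responses.get(url)
        if not location:
            break  # no further redirect: content would be rendered here
        url = urljoin(url, location)  # Location may be relative
    return trail

if __name__ == "__main__":
    print(audit_chain(FIRST, SAMPLE))
    print(audit_chain(FIRST, SAMPLE, check_every_hop=False))
```
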
