Have you looked at squidGuard?  It works with squid and is a rather simple
http redirector.  There are some pretty extensive lists of pre-blocked
URLs, it can do some regular expression redirecting, and it's also pretty
simple to add your own lists/rules.  It is only URL based, but was a
pretty nice layer of protection I used when at the Boys & Girls
Clubs.  It's certainly not a secure means by itself (unless you get
draconian and prevent all http requests to an ip rather than a name) but
it should prevent accidentals like in the example.

You can then not worry about directly editing the stream, but rather
redirect them to a page that you build, or whatever.  You can redirect to
any site you choose.

Might be worth a look :)

Wes