Not at all. It is the "auto-click on everything that pops up" that is suspicious.
Yeah, the first thing they mentioned in their requirements is dealing with malvertising. I didn't get to the section that covers how they met that goal yet, but if you are interested I can let you know what their approach is so you can see if it sounds sufficient.
I found the answer in III(a) of their academic paper. It makes an AJAX request and does not load the response into the DOM. The paper talks about the problem of this being distinguishable from a real click (which would parse the response, render HTML & CSS, execute JS, parse CSS, possibly play audio and video files, etc.). The additional risk in their current implementation seems minimal. Future versions may depend more on sandboxing technologies for protection.