Sanitize file:// URLs before use #6
Description
file:// URLs should never be able to target the user's local filesystem, and should only be allowed when there is already a relative base (as explained in #5).
{{ message }}
Sanitize