Navigation by the host to non-HTTP resources is potentially problematic and should not be permitted
jeremyroman opened this issue · comments
There are potential security issues here, and the simplest solution is to lock away schemes with unusual behavior.