security: check addresses and redirects for access to localhost? #98
Description
A tracked user might try to access our server by adding links or redirects to localhost:// or file:// URLs: see https://www.gnu.gl/blog/Posts/multiple-vulnerabilities-in-pocket/ and https://news.ycombinator.com/item?id=10078967#. However, even if that succeeds, it's unlikely that they could ever see any local information since the relevant documents would hardly make it through the filter that checks for philosophy papers. So arguably not urgent, but needs more thinking.