Allow arbitrary URLs, expect arbitrary code execution

https://positive.security/blog/url-open-rce