(#996): Fix arbitrary file read when href has special characters
In UrlResolver::resolve_href() we now explicitly disallow URLs that have a query string ("?") or a fragment identifier ("#").
We also explicitly check for a base URL and not resolving to a path, for example, "file:///base/foo.svg" + "." would resolve to "file:///base/" - this is technically correct, but we don't want to resolve to directories.
Also, we pass a canonicalized path name as a URL upstream, so that g_file_new_from_url() will consume it later, instead of passing the original and potentially malicious URL.
Fixes #996 (closed)