Potential IP revealing using UNC Path in Windows File Picker

This report is inspired by #294364. The release note says that after fixing [Bug 26424](https://trac.torproject.org/projects/tor/ticket/26424), UNC path is disabled in Tor. But I found that I can still type UNC path in Windows file picker dialog box, and that sends requests to remote servers without Tor proxy. Some social engineering is required to exploit this trick though. Attackers can use <input type="file"> on their website, and trick users to click "Browse" and type an attacker-controlled IP address into file picker in UNC format. Is it possible to disable UNC path in the Windows file picker? If not, how about showing a warning message? ## Impact With some social engineering, attackers can know user's real IP address with <input type="file">.