fix: Prevent loading remote content via URL hash

[jhildenbiddle]

Fixes #1477. Fixes #1126.

1. Prevent loading remote content via URL hash
2. Restore ability to execute remote content scripts

Summary

What kind of change does this PR introduce? (check at least one)

• Bugfix

Does this PR introduce a breaking change? (check one)

• Yes
• No

If yes, please describe the impact and migration path for existing applications:

The PR fulfills these requirements:

• When resolving a specific issue, it's referenced in the PR's title (e.g. fix #xxx[,#xxx], where "xxx" is the issue number)

You have tested in the following browsers: (Providing a detailed version will be better.)

• Chrome
• Firefox
• Safari
• Edge
• IE

[vercel]

This pull request is being automatically deployed with Vercel (learn more).
To see the status of your deployment, click below or on the icon next to each commit.

🔍 Inspect: https://vercel.com/docsify-core/docsify-preview/cz9cvkbqj
✅ Preview: https://docsify-preview-git-fix-security-url-hash.docsify-core.vercel.app

[codesandbox-ci]

This pull request is automatically built and testable in CodeSandbox.

To see build info of the built libraries, click here or the icon next to each commit SHA.

Latest deployment of this branch, based on commit 561cf9d:

Sandbox	Source
docsify-template	Configuration

[sy-records]

LGTM.