Issue Title: Make --sandbox default behavior #11261 Status: Closed Key Information: - Issue Raised: Due to the potential for SSRF (Server-Side Request Forgery) and other attacks (CVE-2022-35583, CVE-2025-51591), a suggestion is made to make the default behavior in Pandoc. - Security Concerns: Users should use the option when running Pandoc on untrusted user input. - Proposed Solution: Make the default and allow users to override it, e.g., or . - Documentation Note: The documentation already recommends using for untrusted input. Decision: The Pandoc maintainers decided not to implement the change, mentioning that Pandoc is designed as a CLI tool and its security recommendations already include using when necessary.