json-ld / json-ld.org

JSON for Linked Data's documentation and playground site
https://json-ld.org/

Prevent potentially dangerous behaviour within proxy script #754

Open timoles opened 3 years ago

timoles commented 3 years ago

Whenever a user supplies a custom "@context": "http://schema.org/" within the json-ld playground, a call to a proxy script is made.

This proxy script is implemented in an unsafe manner, allowing an attacker to perform XSS or CSRF attacks against the server. I didn't find a private contact method for reporting the vulnerability, so here is the pull request directly, which should harden the proxy script.

Long-term, it's probably advisable to perform requests to hosts defined within @context completely client-side via JavaScript.
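The kind of hardening this report asks for, as an added example that is not the PR's own code or the json-ld.org proxy: it assumes the proxy receives the remote context URL as a query parameter and echoes the fetched document back to the playground, and every function name below is illustrative.

```javascript
// Added example (not the json-ld.org proxy): the input and output checks a
// hardened "@context" proxy should apply. Assumes the remote context URL arrives
// as a query parameter and the fetched document is echoed to the playground.

const LOOPBACK = new Set(['localhost', '127.0.0.1', '0.0.0.0']);

// Accept only absolute http(s) URLs to public hosts, so the server cannot be
// used as a forwarder to itself or its internal network. IPv6 literals are
// rejected outright for brevity.
function isAllowedContextUrl(raw) {
  let url;
  try { url = new URL(raw); } catch { return false; }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return false;
  if (url.username || url.password) return false;
  const host = url.hostname.toLowerCase();
  if (LOOPBACK.has(host) || host.startsWith('[')) return false;
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (m) {
    const a = Number(m[1]), b = Number(m[2]);
    if (a === 10 || a === 127 || (a === 172 && b >= 16 && b <= 31) ||
        (a === 192 && b === 168) || (a === 169 && b === 254)) return false;
  }
  return true;
}

// Only the playground's own pages may drive the proxy: compare the Origin (or,
// for same-site GETs that omit it, the Referer) against the expected origin.
function isSameOriginRequest(headers, playgroundOrigin) {
  const src = headers.origin || headers.referer;
  if (typeof src !== 'string') return false;
  try { return new URL(src).origin === playgroundOrigin; } catch { return false; }
}

function jsonHeaders(type) {
  return { 'Content-Type': type, 'X-Content-Type-Options': 'nosniff', 'Cache-Control': 'no-store' };
}

// Echo only a re-serialised JSON document under a fixed JSON media type with
// nosniff, never the raw upstream bytes, upstream headers or the requested URL,
// so a browser can never render attacker-controlled content as HTML.
function buildProxyResponse(upstreamBody) {
  const reject = (error) => ({ status: 502, headers: jsonHeaders('application/json'), body: JSON.stringify({ error }) });
  let doc;
  try { doc = JSON.parse(upstreamBody); } catch { return reject('upstream body is not JSON'); }
  if (doc === null || typeof doc !== 'object' || Array.isArray(doc) || !('@context' in doc)) {
    return reject('upstream document is not a JSON-LD context');
  }
  return { status: 200, headers: jsonHeaders('application/ld+json'), body: JSON.stringify(doc) };
}
```

A request handler would run `isSameOriginRequest` and `isAllowedContextUrl` before fetching anything, then pass the upstream body through `buildProxyResponse` rather than streaming it back verbatim.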

gkellogg commented 2 years ago

@davidlehn This PR addresses a reasonable concern and has been languishing. Could you comment or commit?