replace Kernel.open which lets data spawn shells with URI.parse to pr…

…otect against RCE (#509)

features/step_definitions/web_ext_steps.rb

@@ -126,7 +126,7 @@
 Then /^I should see an s3 image "(.*?)"$/ do |image_file_name|
   image_url = page.find(:xpath, '//img')[:src]
   image_url.should =~ /s3\.amazonaws\.com.+#{Regexp.escape(image_file_name)}/
-  lambda { Kernel.open(image_url) }.should_not raise_error
+  lambda { URI.parse(image_url).open }.should_not raise_error
 end
 
 Then /^I should find "(.+)" in (.+)$/ do |text, locator|