There can be some external files includes in office documents. And it can be something like /etc/passwd or /home/known-user/very-top-secret-file. And it could be a network request as well.

How to deny access to any external file from a document?

There is an approach with ~/.config/libreoffice/4/user/registrymodifications.xcu, where this content should be placed:

<?xml version="1.0" encoding="UTF-8"?>
<oor:items xmlns:oor="; xmlns:xs="; xmlns:xsi=";>
    <item oor:path="/.openoffice.Office.Common/Security/Scripting"><prop oor:name="BlockUntrustedRefererLinks" oor:op="fuse"><value>true</value></prop></item>
</oor:items>

But there was issues with this approach that we detected – it doesn't work in some environments (we don't understand why). It there some another approach?