5
5
5
5Check which characters are allowed inside a path traversal and the URL still traverses
new URL("https://x.se/long/..$[chr]/a").pathname.length > 4 ? false : log($[i])new URL("https://x.se/long/..0x09/a").pathname.length > 4 ? false : alert(9)new URL("https://x.se/long/..#/a").pathname.length > 4 ? false : alert(35)new URL("https://x.se/long/..//a").pathname.length > 4 ? false : alert(47)new URL("https://x.se/long/..?/a").pathname.length > 4 ? false : alert(63)new URL("https://x.se/long/..\/a").pathname.length > 4 ? false : alert(92)