From e8bf68404337d068f9a22591ce6af8e4886cd622 Mon Sep 17 00:00:00 2001
From: DaftCode101 <106412338+DaftCode101@users.noreply.github.com>
Date: Fri, 10 Apr 2026 09:48:26 -0600
Subject: [PATCH] Update urls.go: Fix URL canonicalization filter evasion

---
 urls.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/urls.go b/urls.go
index e9eeca6..1801c65 100644
--- a/urls.go
+++ b/urls.go
@@ -299,6 +299,8 @@ func parseURL(urlStr string) (parsedURL *url.URL, err error) {
 	rest = strings.Replace(rest, "\t", "", -1)
 	rest = strings.Replace(rest, "\r", "", -1)
 	rest = strings.Replace(rest, "\n", "", -1)
+	// Normalize backslashes to forward slashes per v4 canonicalization spec to prevent host parsing evasion.
+	rest = strings.Replace(rest, "\\", "/", -1)
 	rest, err = normalizeEscape(rest)
 	if err != nil {
 		return nil, err