Take URL jumping as an example: URL jumping vulnerabilities mainly use the browser's support for URL features to bypass some protections that are not rigorous in regular matching.
1.“@”
http://www.target.com/redirecturl=http://[email protected]
2.“\”
http://www.target.com/redirecturl=http://evil.com\a.whitelist.com
3.“?”
http://www.target.com/redirecturl=http://evil.com?a.whitelist.com
4.“#”
http://www.target.com/redirecturl=http://evil.com#a.whitelist.com
The above problems will not only affect the protection of URL redirection vulnerabilities, but also may exist wherever URL whitelist detection is involved, such as: WeChat, QQ, etc. detection of URLs in chat content; detection of articles/forum posts, etc. whether an external image is inserted in; [remote] file inclusion/reading; etc.