Why URLs Like /api/;/user/info Still Work: Server Parsing and RFC Rules
The article explains that URLs containing a semicolon, such as /api/;/user/info, are still reachable because web servers follow legacy URL‑path‑parameter parsing defined in older RFCs, treat empty parameters as harmless, and normalize the path before routing, which also introduces security considerations.
