I was reading about testing against directory traversal on this website: https://wiki.owasp.org/index.php/Testing_Directory_traversal/file_include_(OTG-AUTHZ-001)
And at the end it says
Testing for the flaw is achieved by:
file=....//....//boot.ini
file=....\\....\\boot.ini
file= ..\..\boot.ini
But what does ....\\ or ..../ actually achieve? Javas URI method "normalize()" does not care about it and when I try it on a Windows machine nothing happens.