diff --git a/oauthproxy.go b/oauthproxy.go
index 8c303df8..d5e71844 100644
--- a/oauthproxy.go
+++ b/oauthproxy.go
@@ -63,7 +63,7 @@ var (
 
 	// Used to check final redirects are not susceptible to open redirects.
 	// Matches //, /\ and both of these with whitespace in between (eg / / or / \).
-	invalidRedirectRegex = regexp.MustCompile(`^/(\s|\v)?(/|\\)`)
+	invalidRedirectRegex = regexp.MustCompile(`[/\\](?:[\s\v]*|\.{1,2})[/\\]`)
 )
 
 // OAuthProxy is the main authentication proxy
diff --git a/oauthproxy_test.go b/oauthproxy_test.go
index 0c244bae..1a0f0cc5 100644
--- a/oauthproxy_test.go
+++ b/oauthproxy_test.go
@@ -1,6 +1,7 @@
 package main
 
 import (
+	"bufio"
 	"context"
 	"crypto"
 	"encoding/base64"
@@ -11,6 +12,7 @@ import (
 	"net/http"
 	"net/http/httptest"
 	"net/url"
+	"os"
 	"regexp"
 	"strings"
 	"testing"
@@ -386,6 +388,41 @@ func TestIsValidRedirect(t *testing.T) {
 			Redirect:       "/\r\\evil.com",
 			ExpectedResult: false,
 		},
+		{
+			Desc:           "openRedirectTripleTab",
+			Redirect:       "/\t\t/\t/evil.com",
+			ExpectedResult: false,
+		},
+		{
+			Desc:           "openRedirectTripleTab2",
+			Redirect:       "/\t\t\\\t/evil.com",
+			ExpectedResult: false,
+		},
+		{
+			Desc:           "openRedirectQuadTab1",
+			Redirect:       "/\t\t/\t\t\\evil.com",
+			ExpectedResult: false,
+		},
+		{
+			Desc:           "openRedirectQuadTab2",
+			Redirect:       "/\t\t\\\t\t/evil.com",
+			ExpectedResult: false,
+		},
+		{
+			Desc:           "openRedirectPeriod1",
+			Redirect:       "/./\\evil.com",
+			ExpectedResult: false,
+		},
+		{
+			Desc:           "openRedirectPeriod2",
+			Redirect:       "/./../../\\evil.com",
+			ExpectedResult: false,
+		},
+		{
+			Desc:           "openRedirectDoubleTab",
+			Redirect:       "/\t/\t\\evil.com",
+			ExpectedResult: false,
+		},
 	}
 
 	for _, tc := range testCases {
@@ -399,6 +436,50 @@ func TestIsValidRedirect(t *testing.T) {
 	}
 }
 
+func TestOpenRedirects(t *testing.T) {
+	opts := NewOptions()
+	opts.ClientID = "skdlfj"
+	opts.ClientSecret = "fgkdsgj"
+	opts.Cookie.Secret = "ljgiogbj"
+	// Should match domains that are exactly foo.bar and any subdomain of bar.foo
+	opts.WhitelistDomains = []string{
+		"foo.bar",
+		".bar.foo",
+		"port.bar:8080",
+		".sub.port.bar:8080",
+		"anyport.bar:*",
+		".sub.anyport.bar:*",
+		"www.whitelisteddomain.tld",
+	}
+	opts.Validate()
+
+	proxy := NewOAuthProxy(opts, func(string) bool { return true })
+
+	file, err := os.Open("./test/openredirects.txt")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer file.Close()
+
+	scanner := bufio.NewScanner(file)
+	for scanner.Scan() {
+		rd := scanner.Text()
+		t.Run(rd, func(t *testing.T) {
+			rdUnescaped, err := url.QueryUnescape(rd)
+			if err != nil {
+				t.Fatal(err)
+			}
+			if proxy.IsValidRedirect(rdUnescaped) {
+				t.Errorf("Expected %q to not be valid (unescaped: %q)", rd, rdUnescaped)
+			}
+		})
+	}
+
+	if err := scanner.Err(); err != nil {
+		t.Fatal(err)
+	}
+}
+
 type TestProvider struct {
 	*providers.ProviderData
 	EmailAddress   string
diff --git a/test/openredirects.txt b/test/openredirects.txt
new file mode 100644
index 00000000..e68743e7
--- /dev/null
+++ b/test/openredirects.txt
@@ -0,0 +1,559 @@
+
+";alert(0);//
+%19Jav%09asc%09ript:https%20://www.whitelisteddomain.tld/%250Aconfirm%25281%2529
+%68%74%74%70%3a%2f%2f%67%6f%6f%67%6c%65%2e%63%6f%6d
+.localdomain.pw
+/%09/example.com
+/%09/example.com@google.com
+/%09/google.com
+/%09/javascript:alert(1)
+/%09/javascript:alert(1);
+/%09/localdomain.pw
+/%09/www.whitelisteddomain.tld@google.com
+/%09/www.whitelisteddomain.tld@localdomain.pw
+/%2f%2f%2fbing.com%2f%3fwww.omise.co
+/%2f%2fexample.com
+/%2f%2fgoogle.com
+/%2f%2flocaldomain.pw
+/%2f%5c%2f%67%6f%6f%67%6c%65%2e%63%6f%6d/
+/%5cexample.com
+/%5cexample.com@google.com
+/%5cgoogle.com
+/%5cjavascript:alert(1)
+/%5cjavascript:alert(1);
+/%5clocaldomain.pw
+/%5cwww.whitelisteddomain.tld@google.com
+/%5cwww.whitelisteddomain.tld@localdomain.pw
+/%68%74%74%70%3a%2f%2f%67%6f%6f%67%6c%65%2e%63%6f%6d
+//%09/example.com
+//%09/example.com@google.com
+//%09/google.com
+//%09/localdomain.pw
+//%09/www.whitelisteddomain.tld@google.com
+//%09/www.whitelisteddomain.tld@localdomain.pw
+//%2fxgoogle.com
+//%5cexample.com
+//%5cexample.com@google.com
+//%5cgoogle.com
+//%5cjavascript:alert(1)
+//%5cjavascript:alert(1);
+//%5clocaldomain.pw
+//%5cwww.whitelisteddomain.tld@google.com
+//%5cwww.whitelisteddomain.tld@localdomain.pw
+///%09/example.com
+///%09/example.com@google.com
+///%09/google.com
+///%09/localdomain.pw
+///%09/www.whitelisteddomain.tld@google.com
+///%09/www.whitelisteddomain.tld@localdomain.pw
+///%5cexample.com
+///%5cexample.com@google.com
+///%5cgoogle.com
+///%5clocaldomain.pw
+///%5cwww.whitelisteddomain.tld@google.com
+///%5cwww.whitelisteddomain.tld@localdomain.pw
+////%09/example.com
+////%09/example.com@google.com
+////%09/google.com
+////%09/localdomain.pw
+////%09/www.whitelisteddomain.tld@google.com
+////%09/www.whitelisteddomain.tld@localdomain.pw
+////%5cexample.com
+////%5cexample.com@google.com
+////%5cgoogle.com
+////%5clocaldomain.pw
+////%5cwww.whitelisteddomain.tld@google.com
+////%5cwww.whitelisteddomain.tld@localdomain.pw
+/////example.com
+/////example.com/
+/////google.com/
+/////localdomain.pw
+/////localdomain.pw/
+////\;@example.com
+////example.com/
+////example.com/%2e%2e
+////example.com/%2e%2e%2f
+////example.com/%2f%2e%2e
+////example.com/%2f..
+////example.com//
+////example.com@google.com/
+////example.com@google.com/%2e%2e
+////example.com@google.com/%2e%2e%2f
+////example.com@google.com/%2f%2e%2e
+////example.com@google.com/%2f..
+////example.com@google.com//
+////google.com/
+////google.com/%2e%2e
+////google.com/%2e%2e%2f
+////google.com/%2f%2e%2e
+////google.com/%2f..
+////google.com//
+////localdomain.pw/
+////localdomain.pw/%2e%2e
+////localdomain.pw/%2e%2e%2f
+////localdomain.pw/%2f%2e%2e
+////localdomain.pw/%2f..
+////localdomain.pw//
+////www.google.com/%2e%2e
+////www.google.com/%2e%2e%2f
+////www.google.com/%2f%2e%2e
+////www.whitelisteddomain.tld@google.com/
+////www.whitelisteddomain.tld@google.com/%2f..
+////www.whitelisteddomain.tld@google.com//
+////www.whitelisteddomain.tld@localdomain.pw/
+////www.whitelisteddomain.tld@localdomain.pw/%2e%2e
+////www.whitelisteddomain.tld@localdomain.pw/%2e%2e%2f
+////www.whitelisteddomain.tld@localdomain.pw/%2f%2e%2e
+////www.whitelisteddomain.tld@localdomain.pw/%2f..
+////www.whitelisteddomain.tld@localdomain.pw//
+////www.whitelisteddomain.tld@www.google.com/%2e%2e
+////www.whitelisteddomain.tld@www.google.com/%2e%2e%2f
+////www.whitelisteddomain.tld@www.google.com/%2f%2e%2e
+///\;@example.com
+///\;@google.com
+///\;@localdomain.pw
+///example.com
+///example.com/
+///example.com/%2e%2e
+///example.com/%2e%2e%2f
+///example.com/%2f%2e%2e
+///example.com/%2f..
+///example.com//
+///example.com@google.com/
+///example.com@google.com/%2e%2e
+///example.com@google.com/%2e%2e%2f
+///example.com@google.com/%2f%2e%2e
+///example.com@google.com/%2f..
+///example.com@google.com//
+///google.com
+///google.com/
+///google.com/%2e%2e
+///google.com/%2e%2e%2f
+///google.com/%2f%2e%2e
+///google.com/%2f..
+///google.com//
+///localdomain.pw
+///localdomain.pw/
+///localdomain.pw/%2e%2e
+///localdomain.pw/%2e%2e%2f
+///localdomain.pw/%2f%2e%2e
+///localdomain.pw/%2f..
+///localdomain.pw//
+///www.google.com/%2e%2e
+///www.google.com/%2e%2e%2f
+///www.google.com/%2f%2e%2e
+///www.whitelisteddomain.tld@google.com/
+///www.whitelisteddomain.tld@google.com/%2f..
+///www.whitelisteddomain.tld@google.com//
+///www.whitelisteddomain.tld@localdomain.pw/
+///www.whitelisteddomain.tld@localdomain.pw/%2e%2e
+///www.whitelisteddomain.tld@localdomain.pw/%2e%2e%2f
+///www.whitelisteddomain.tld@localdomain.pw/%2f%2e%2e
+///www.whitelisteddomain.tld@localdomain.pw/%2f..
+///www.whitelisteddomain.tld@localdomain.pw//
+///www.whitelisteddomain.tld@www.google.com/%2e%2e
+///www.whitelisteddomain.tld@www.google.com/%2e%2e%2f
+///www.whitelisteddomain.tld@www.google.com/%2f%2e%2e
+//3H6k7lIAiqjfNeN@example.com+@google.com/
+//3H6k7lIAiqjfNeN@example.com@google.com/
+//3H6k7lIAiqjfNeN@www.whitelisteddomain.tld+@localdomain.pw/
+//3H6k7lIAiqjfNeN@www.whitelisteddomain.tld@localdomain.pw/
+//;@google.com
+//;@localdomain.pw
+//XY>.7d8T\205pZM@example.com+@google.com/
+//XY>.7d8T\205pZM@example.com@google.com/
+//XY>.7d8T\205pZM@www.whitelisteddomain.tld+@localdomain.pw/
+//XY>.7d8T\205pZM@www.whitelisteddomain.tld@localdomain.pw/
+//example.com
+//example.com+&@google.com#+@example.com/
+//example.com/
+//example.com/%2e%2e
+//example.com/%2e%2e%2f
+//example.com/%2f%2e%2e
+//example.com/%2f..
+//example.com//
+//example.com@google.com/
+//example.com@google.com/%2e%2e%2f
+//example.com@google.com/%2f%2e%2e
+//example.com@google.com/%2f..
+//example.com@google.com//
+//example.com@https:///google.com/%2e%2e
+//google%00.com
+//google%E3%80%82com
+//google.com
+//google.com/
+//google.com/%2e%2e%2f
+//google.com/%2f%2e%2e
+//google.com/%2f..
+//google.com//
+//google.com:80#@example.com/
+//google.com:80?@example.com/
+//google.com\@example.com
+//google.com\@www.whitelisteddomain.tld
+//google.com\texample.com/
+//https:///example.com/%2e%2e
+//https:///google.com/%2e%2e
+//https:///localdomain.pw/%2e%2e
+//https:///www.google.com/%2e%2e
+//https://example.com/%2e%2e%2f
+//https://example.com//
+//https://example.com@google.com/%2e%2e%2f
+//https://example.com@google.com//
+//https://google.com/%2e%2e%2f
+//https://google.com//
+//https://localdomain.pw/%2e%2e%2f
+//https://localdomain.pw//
+//https://www.google.com/%2e%2e%2f
+//https://www.whitelisteddomain.tld@google.com//
+//https://www.whitelisteddomain.tld@localdomain.pw/%2e%2e%2f
+//https://www.whitelisteddomain.tld@localdomain.pw//
+//https://www.whitelisteddomain.tld@www.google.com/%2e%2e%2f
+//javascript:alert(1)
+//javascript:alert(1);
+//localdomain%00.pw
+//localdomain%E3%80%82pw
+//localdomain.pw
+//localdomain.pw/
+//localdomain.pw/%2e%2e%2f
+//localdomain.pw/%2f%2e%2e
+//localdomain.pw/%2f..
+//localdomain.pw//
+//localdomain.pw:80#@www.whitelisteddomain.tld/
+//localdomain.pw:80?@www.whitelisteddomain.tld/
+//localdomain.pw\@www.whitelisteddomain.tld
+//localdomain.pw\twww.whitelisteddomain.tld/
+//www.google.com/%2e%2e%2f
+//www.google.com/%2f%2e%2e
+//www.whitelisteddomain.tld+&@localdomain.pw#+@www.whitelisteddomain.tld/
+//www.whitelisteddomain.tld@google.com/
+//www.whitelisteddomain.tld@google.com/%2f..
+//www.whitelisteddomain.tld@google.com//
+//www.whitelisteddomain.tld@https:///localdomain.pw/%2e%2e
+//www.whitelisteddomain.tld@https:///www.google.com/%2e%2e
+//www.whitelisteddomain.tld@localdomain.pw/
+//www.whitelisteddomain.tld@localdomain.pw/%2e%2e%2f
+//www.whitelisteddomain.tld@localdomain.pw/%2f%2e%2e
+//www.whitelisteddomain.tld@localdomain.pw/%2f..
+//www.whitelisteddomain.tld@localdomain.pw//
+//www.whitelisteddomain.tld@www.google.com/%2e%2e%2f
+//www.whitelisteddomain.tld@www.google.com/%2f%2e%2e
+/<>//example.com
+/?url=//example.com&next=//example.com&redirect=//example.com&redir=//example.com&rurl=//example.com&redirect_uri=//example.com
+/?url=/\/example.com&next=/\/example.com&redirect=/\/example.com&redirect_uri=/\/example.com
+/?url=Https://example.com&next=Https://example.com&redirect=Https://example.com&redir=Https://example.com&rurl=Https://example.com&redirect_uri=Https://example.com
+/ReceiveAutoRedirect/false?desiredLocationUrl=http://xssposed.org
+/\/\/example.com/
+/\/example.com/
+/\/google.com/
+/\/localdomain.pw/
+/example.com/%2f%2e%2e
+/google.com/%2f%2e%2e
+/http://%67%6f%6f%67%6c%65%2e%63%6f%6d
+/http://example.com
+/http://google.com
+/http://localdomain.pw
+/https:/%5cexample.com/
+/https:/%5cgoogle.com/
+/https:/%5clocaldomain.pw/
+/https://%09/example.com
+/https://%5cexample.com
+/https://%5cexample.com@google.com
+/https://%5cgoogle.com
+/https://%5clocaldomain.pw
+/https://%5cwww.whitelisteddomain.tld@google.com
+/https://%5cwww.whitelisteddomain.tld@localdomain.pw
+/https:///example.com/%2e%2e
+/https:///example.com/%2f%2e%2e
+/https:///example.com@google.com/%2f%2e%2e
+/https:///google.com/%2f%2e%2e
+/https:///localdomain.pw/%2f%2e%2e
+/https:///www.google.com/%2f%2e%2e
+/https:///www.whitelisteddomain.tld@localdomain.pw/%2f%2e%2e
+/https:///www.whitelisteddomain.tld@www.google.com/%2f%2e%2e
+/https://example.com
+/https://example.com/
+/https://example.com/%2e%2e
+/https://example.com/%2e%2e%2f
+/https://example.com/%2f%2e%2e
+/https://example.com/%2f..
+/https://example.com//
+/https://example.com@google.com/
+/https://example.com@google.com/%2e%2e
+/https://example.com@google.com/%2f%2e%2e
+/https://example.com@google.com/%2f..
+/https://google.com/
+/https://google.com/%2e%2e
+/https://google.com/%2f%2e%2e
+/https://google.com/%2f..
+/https://localdomain.pw/
+/https://localdomain.pw/%2e%2e
+/https://localdomain.pw/%2f%2e%2e
+/https://localdomain.pw/%2f..
+/https://www.google.com/%2e%2e
+/https://www.google.com/%2f%2e%2e
+/https://www.whitelisteddomain.tld@google.com/
+/https://www.whitelisteddomain.tld@google.com/%2f..
+/https://www.whitelisteddomain.tld@localdomain.pw/
+/https://www.whitelisteddomain.tld@localdomain.pw/%2e%2e
+/https://www.whitelisteddomain.tld@localdomain.pw/%2f%2e%2e
+/https://www.whitelisteddomain.tld@localdomain.pw/%2f..
+/https://www.whitelisteddomain.tld@www.google.com/%2e%2e
+/https://www.whitelisteddomain.tld@www.google.com/%2f%2e%2e
+/localdomain.pw/%2f%2e%2e
+/redirect?url=//example.com&next=//example.com&redirect=//example.com&redir=//example.com&rurl=//example.com&redirect_uri=//example.com
+/redirect?url=/\/example.com&next=/\/example.com&redirect=/\/example.com&redir=/\/example.com&rurl=/\/example.com&redirect_uri=/\/example.com
+/redirect?url=Https://example.com&next=Https://example.com&redirect=Https://example.com&redir=Https://example.com&rurl=Https://example.com&redirect_uri=Https://example.com
+/x:1/:///%01javascript:alert(document.cookie)/
+<>//google.com
+<>//localdomain.pw
+<>javascript:alert(1);
+@google.com
+@localdomain.pw
+Javas%26%2399;ript:alert(1)
+\/\/google.com/
+\/\/localdomain.pw/
+\152\141\166\141\163\143\162\151\160\164\072alert(1)
+\j\av\a\s\cr\i\pt\:\a\l\ert\(1\)
+\u006A\u0061\u0076\u0061\u0073\u0063\u0072\u0069\u0070\u0074\u003aalert(1)
+\x6A\x61\x76\x61\x73\x63\x72\x69\x70\x74\x3aalert(1)
+data:text/html;base64,PHNjcmlwdD5hbGVydCgiWFNTIik8L3NjcmlwdD4=
+data:www.whitelisteddomain.tld;text/html;charset=UTF-8,<html><script>document.write(document.domain);</script><iframe/src=xxxxx>aaaa</iframe></html>
+http://%67%6f%6f%67%6c%65%2e%63%6f%6d
+http://.localdomain.pw
+http://00330.00072.0000326.00000316
+http://00330.0x3a.54990
+http://00330.3856078
+http://0330.072.0326.0316
+http://0xd8.072.54990
+http://0xd8.0x3a.0xd6.0xce
+http://0xd8.3856078
+http://0xd83ad6ce
+http://3627734734
+http://3H6k7lIAiqjfNeN@00330.00072.0000326.00000316
+http://3H6k7lIAiqjfNeN@00330.0x3a.54990
+http://3H6k7lIAiqjfNeN@00330.3856078
+http://3H6k7lIAiqjfNeN@0330.072.0326.0316
+http://3H6k7lIAiqjfNeN@0xd8.072.54990
+http://3H6k7lIAiqjfNeN@0xd8.0x3a.0xd6.0xce
+http://3H6k7lIAiqjfNeN@0xd8.3856078
+http://3H6k7lIAiqjfNeN@0xd83ad6ce
+http://3H6k7lIAiqjfNeN@3627734734
+http://3H6k7lIAiqjfNeN@472.314.470.462
+http://3H6k7lIAiqjfNeN@[::216.58.214.206]
+http://3H6k7lIAiqjfNeN@[::ffff:216.58.214.206]
+http://3H6k7lIAiqjfNeN@example.com+@google.com/
+http://3H6k7lIAiqjfNeN@example.com@google.com/
+http://3H6k7lIAiqjfNeN@www.whitelisteddomain.tld+@localdomain.pw/
+http://3H6k7lIAiqjfNeN@www.whitelisteddomain.tld@localdomain.pw/
+http://472.314.470.462
+http://;@google.com
+http://;@localdomain.pw
+http://XY>.7d8T\205pZM@00330.00072.0000326.00000316
+http://XY>.7d8T\205pZM@00330.0x3a.54990
+http://XY>.7d8T\205pZM@00330.3856078
+http://XY>.7d8T\205pZM@0330.072.0326.0316
+http://XY>.7d8T\205pZM@0xd8.072.54990
+http://XY>.7d8T\205pZM@0xd8.0x3a.0xd6.0xce
+http://XY>.7d8T\205pZM@0xd8.3856078
+http://XY>.7d8T\205pZM@0xd83ad6ce
+http://XY>.7d8T\205pZM@3627734734
+http://XY>.7d8T\205pZM@472.314.470.462
+http://XY>.7d8T\205pZM@[::216.58.214.206]
+http://XY>.7d8T\205pZM@[::ffff:216.58.214.206]
+http://XY>.7d8T\205pZM@example.com+@google.com/
+http://XY>.7d8T\205pZM@example.com@google.com/
+http://XY>.7d8T\205pZM@www.whitelisteddomain.tld+@localdomain.pw/
+http://XY>.7d8T\205pZM@www.whitelisteddomain.tld@localdomain.pw/
+http://[::216.58.214.206]
+http://[::ffff:216.58.214.206]
+http://example.com%2egoogle.com/
+http://example.com+&@google.com#+@example.com/
+http://example.com:80%40google.com/
+http://example.com@00330.00072.0000326.00000316
+http://example.com@00330.0x3a.54990
+http://example.com@00330.3856078
+http://example.com@0330.072.0326.0316
+http://example.com@0xd8.072.54990
+http://example.com@0xd8.0x3a.0xd6.0xce
+http://example.com@0xd8.3856078
+http://example.com@0xd83ad6ce
+http://example.com@3627734734
+http://example.com@472.314.470.462
+http://example.com@[::216.58.214.206]
+http://example.com@[::ffff:216.58.214.206]
+http://google.com%23.example.com/
+http://google.com%2f%2f.example.com/
+http://google.com%3F.example.com/
+http://google.com%5c%5c.example.com/
+http://google.com:80#@example.com/
+http://google.com:80#@www.whitelisteddomain.tld/
+http://google.com:80?@example.com/
+http://google.com:80?@www.whitelisteddomain.tld/
+http://google.com\texample.com/
+http://localdomain.pw%23.www.whitelisteddomain.tld/
+http://localdomain.pw%2f%2f.www.whitelisteddomain.tld/
+http://localdomain.pw%3F.www.whitelisteddomain.tld/
+http://localdomain.pw%5c%5c.www.whitelisteddomain.tld/
+http://localdomain.pw:80#@www.whitelisteddomain.tld/
+http://localdomain.pw:80?@www.whitelisteddomain.tld/
+http://localdomain.pw\twww.whitelisteddomain.tld/
+http://www.localdomain.pw\.www.whitelisteddomain.tld
+http://www.whitelisteddomain.tld%2elocaldomain.pw/
+http://www.whitelisteddomain.tld+&@localdomain.pw#+@www.whitelisteddomain.tld/
+http://www.whitelisteddomain.tld:80%40localdomain.pw/
+http://www.whitelisteddomain.tld@00330.00072.0000326.00000316
+http://www.whitelisteddomain.tld@00330.0x3a.54990
+http://www.whitelisteddomain.tld@00330.3856078
+http://www.whitelisteddomain.tld@0330.072.0326.0316
+http://www.whitelisteddomain.tld@0xd8.072.54990
+http://www.whitelisteddomain.tld@0xd8.0x3a.0xd6.0xce
+http://www.whitelisteddomain.tld@0xd8.3856078
+http://www.whitelisteddomain.tld@0xd83ad6ce
+http://www.whitelisteddomain.tld@3627734734
+http://www.whitelisteddomain.tld@472.314.470.462
+http://www.whitelisteddomain.tld@[::216.58.214.206]
+http://www.whitelisteddomain.tld@[::ffff:216.58.214.206]
+http:00330.00072.0000326.00000316
+http:00330.0x3a.54990
+http:00330.3856078
+http:0330.072.0326.0316
+http:0xd8.072.54990
+http:0xd8.0x3a.0xd6.0xce
+http:0xd8.3856078
+http:0xd83ad6ce
+http:3627734734
+http:3H6k7lIAiqjfNeN@00330.00072.0000326.00000316
+http:3H6k7lIAiqjfNeN@00330.0x3a.54990
+http:3H6k7lIAiqjfNeN@00330.3856078
+http:3H6k7lIAiqjfNeN@0330.072.0326.0316
+http:3H6k7lIAiqjfNeN@0xd8.072.54990
+http:3H6k7lIAiqjfNeN@0xd8.0x3a.0xd6.0xce
+http:3H6k7lIAiqjfNeN@0xd8.3856078
+http:3H6k7lIAiqjfNeN@0xd83ad6ce
+http:3H6k7lIAiqjfNeN@3627734734
+http:3H6k7lIAiqjfNeN@472.314.470.462
+http:3H6k7lIAiqjfNeN@[::216.58.214.206]
+http:3H6k7lIAiqjfNeN@[::ffff:216.58.214.206]
+http:472.314.470.462
+http:XY>.7d8T\205pZM@00330.00072.0000326.00000316
+http:XY>.7d8T\205pZM@00330.0x3a.54990
+http:XY>.7d8T\205pZM@00330.3856078
+http:XY>.7d8T\205pZM@0330.072.0326.0316
+http:XY>.7d8T\205pZM@0xd8.072.54990
+http:XY>.7d8T\205pZM@0xd8.0x3a.0xd6.0xce
+http:XY>.7d8T\205pZM@0xd8.3856078
+http:XY>.7d8T\205pZM@0xd83ad6ce
+http:XY>.7d8T\205pZM@3627734734
+http:XY>.7d8T\205pZM@472.314.470.462
+http:XY>.7d8T\205pZM@[::216.58.214.206]
+http:XY>.7d8T\205pZM@[::ffff:216.58.214.206]
+http:[::216.58.214.206]
+http:[::ffff:216.58.214.206]
+http:example.com@00330.00072.0000326.00000316
+http:example.com@00330.0x3a.54990
+http:example.com@00330.3856078
+http:example.com@0330.072.0326.0316
+http:example.com@0xd8.072.54990
+http:example.com@0xd8.0x3a.0xd6.0xce
+http:example.com@0xd8.3856078
+http:example.com@0xd83ad6ce
+http:example.com@3627734734
+http:example.com@472.314.470.462
+http:example.com@[::216.58.214.206]
+http:example.com@[::ffff:216.58.214.206]
+http:www.whitelisteddomain.tld@00330.00072.0000326.00000316
+http:www.whitelisteddomain.tld@00330.0x3a.54990
+http:www.whitelisteddomain.tld@00330.3856078
+http:www.whitelisteddomain.tld@0330.072.0326.0316
+http:www.whitelisteddomain.tld@0xd8.072.54990
+http:www.whitelisteddomain.tld@0xd8.0x3a.0xd6.0xce
+http:www.whitelisteddomain.tld@0xd8.3856078
+http:www.whitelisteddomain.tld@0xd83ad6ce
+http:www.whitelisteddomain.tld@3627734734
+http:www.whitelisteddomain.tld@472.314.470.462
+http:www.whitelisteddomain.tld@[::216.58.214.206]
+http:www.whitelisteddomain.tld@[::ffff:216.58.214.206]
+https://%09/example.com@google.com
+https://%09/google.com
+https://%09/localdomain.pw
+https://%09/www.whitelisteddomain.tld@google.com
+https://%09/www.whitelisteddomain.tld@localdomain.pw
+https://%5cexample.com@google.com
+https://%5cgoogle.com
+https://%5clocaldomain.pw
+https://%5cwww.whitelisteddomain.tld@google.com
+https://%5cwww.whitelisteddomain.tld@localdomain.pw
+https:///example.com@google.com/%2e%2e
+https:///example.com@google.com/%2f%2e%2e
+https:///google.com/%2e%2e
+https:///google.com/%2f%2e%2e
+https:///localdomain.pw/%2e%2e
+https:///localdomain.pw/%2f%2e%2e
+https:///www.google.com/%2e%2e
+https:///www.google.com/%2f%2e%2e
+https:///www.whitelisteddomain.tld@localdomain.pw/%2e%2e
+https:///www.whitelisteddomain.tld@localdomain.pw/%2f%2e%2e
+https:///www.whitelisteddomain.tld@www.google.com/%2e%2e
+https:///www.whitelisteddomain.tld@www.google.com/%2f%2e%2e
+https://:@google.com\@example.com
+https://:@google.com\@www.whitelisteddomain.tld
+https://:@localdomain.pw\@www.whitelisteddomain.tld
+https://example.com/https://google.com/
+https://example.com@google.com
+https://example.com@google.com/
+https://example.com@google.com/%2e%2e%2f
+https://example.com@google.com/%2f%2e%2e
+https://example.com@google.com/%2f..
+https://example.com@google.com//
+https://google.com
+https://google.com/
+https://google.com/%2e%2e%2f
+https://google.com/%2f%2e%2e
+https://google.com/%2f..
+https://google.com//
+https://localdomain.pw
+https://localdomain.pw/
+https://localdomain.pw/%2e%2e%2f
+https://localdomain.pw/%2f%2e%2e
+https://localdomain.pw/%2f..
+https://localdomain.pw//
+https://www.google.com/%2e%2e%2f
+https://www.google.com/%2f%2e%2e
+https://www.whitelisteddomain.tld@google.com
+https://www.whitelisteddomain.tld@google.com/
+https://www.whitelisteddomain.tld@google.com/%2f..
+https://www.whitelisteddomain.tld@google.com//
+https://www.whitelisteddomain.tld@localdomain.pw
+https://www.whitelisteddomain.tld@localdomain.pw/
+https://www.whitelisteddomain.tld@localdomain.pw/%2e%2e%2f
+https://www.whitelisteddomain.tld@localdomain.pw/%2f%2e%2e
+https://www.whitelisteddomain.tld@localdomain.pw/%2f..
+https://www.whitelisteddomain.tld@localdomain.pw//
+https://www.whitelisteddomain.tld@www.google.com/%2e%2e%2f
+https://www.whitelisteddomain.tld@www.google.com/%2f%2e%2e
+https:google.com
+https:localdomain.pw
+jaVAscript://www.whitelisteddomain.tld//%0d%0aalert(1);//
+ja\nva\tscript\r:alert(1)
+java%09script:alert(1)
+java%0ascript:alert(1)
+java%0d%0ascript%0d%0a:alert(0)
+java%0dscript:alert(1)
+javascripT://anything%0D%0A%0D%0Awindow.alert(document.cookie)
+javascript://%0aalert(1)
+javascript://example.com?%a0alert%281%29
+javascript://https://example.com/?z=%0Aalert(1)
+javascript://https://www.whitelisteddomain.tld/?z=%0Aalert(1)
+javascript://www.whitelisteddomain.tld?%a0alert%281%29
+javascript:alert(1)
+javascript:alert(1);
+〱google.com
+〱localdomain.pw
+〵google.com
+〵localdomain.pw
+ゝgoogle.com
+ゝlocaldomain.pw
+ーgoogle.com
+ーlocaldomain.pw
+ｰgoogle.com
+ｰlocaldomain.pw