BadUrlChars does not block URL contains "//".