Uber UXSS
★ Backslash URL Confusion (TOP PRIORITY)
Uri.parse treats \ as regular char → host = "barbuber.com\.uber.com" → endsWith(".uber.com") = TRUE
Chromium treats \ as / → host = "barbuber.com" → loads YOUR page
Server requirement: serve uxss.html at /.uber.com/uxss.html
mkdir -p .uber.com && cp uxss.html .uber.com/uxss.html
Other URL confusion variants
Alternative uber:// deep links
Baseline (should fail)