Routing in ASP.NET MVC maps controllers and actions to paths in request URIs.
In the former syntax specification of URIs, backslash characters (\) were not allowed at all (see section "2.4.3. Excluded US-ASCII Characters" of RFC 2396). While the current
specification (RFC 3986) doesn’t include anymore the "Excluded US-ASCII Characters"
section, most URL processors still don’t support backslash properly.
For instance, a backslash in the "path" part of a URL is automatically converted to a forward slash (/) both by Chrome and Internet
Explorer (see here).
As an example, \Calculator\Evaluate?expression=3\4 is converted on the fly into /Calculator/Evaluate?expression=3\4
before the HTTP request is made to the server.
While backslashes are allowed in the "query" part of a URL, and it’s common to have them as part of a complex query expression, the route of a
controller is always part of the "path".
That is why the use of backslashes in controller templates should be avoided in general.
What is the potential impact?
A backslash in the route pattern of a controller would only make sense if the developer intended the backslash in the route to be explicitly
escaped by the user, using %5C.
For example, the route Something\[controller] for the HomeController would need to be called as
Something%5CHome.
The validity of such a scenario is unlikely and the resulting behavior is surprising.
