The web application does not filter user-controlled input for
					executable script disguised using doubling of the involved
					characters.