It's possible to bypass URL filtering by using escape sequences.
vulners.com/securityvulns/securityvulns:doc:8880