Actually, the warning doesn't have to be unix centric. It can also
imply the warning about file systems at the same time. Suggested
wording:
While URLs paths are not file system paths, they may be
implemented as such. If this is the case, any path components
that have a meaning other than "descend into the named
directory" in the file system should be examined for possibly
security problems and disallowed if there are any. For example,
".." as a path component on Unix and MS-DOS means to go up one
directory level, which can potentially access files outside
the server tree, and should thus be disallowed.
See - it has a non-Unix-centric warning, a warning that URLs are not
file paths, and mentions ".." explicitly.
<mike