Standard URL encoding uses % (e.g., file:// → file%3A%2F%2F ). The format with hyphens ( -3A-2F-2F-2F ) suggests:
Accessing /proc/self/environ is particularly dangerous because environment variables often contain: callback-url-file-3A-2F-2F-2Fproc-2Fself-2Fenviron