Adds backslash `\` to the list of characters allowed in a HTTP request path.

Code search, among others, use backslash in request path query parameters.

Since this slightly relaxes a behavior we already rolled out to traffic managed GFEs, the existing flag is reused.

Protected by existing --gfe2_reloadable_flag_http2_reject_invalid_paths_non_cloud_3.

PiperOrigin-RevId: 693546750
diff --git a/quiche/balsa/header_properties.h b/quiche/balsa/header_properties.h
index 9b3d4de..678735b 100644
--- a/quiche/balsa/header_properties.h
+++ b/quiche/balsa/header_properties.h
@@ -51,10 +51,10 @@
 // The set of characters allowed in the Path and Query components of a URI, as
 // described in RFC 3986 Sections 3.3 and 3.4. Also includes the following
 // characters, which are not actually valid, but are seen in request paths on
-// the internet and unlikely to cause problems: []{}|^
+// the internet and unlikely to cause problems: []{}|^ and backslash.
 inline constexpr char kValidPathCharList[] =
     "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~%!$&'()*"
-    "+,;=:@/?[]{}|^";
+    "+,;=:@/?[]{}|^\\";
 
 // Returns true if the given `c` is invalid in a header field name. The first
 // version is spec compliant, the second one incorrectly allows '"'.
diff --git a/quiche/balsa/header_properties_test.cc b/quiche/balsa/header_properties_test.cc
index 4437d74..901c4c1 100644
--- a/quiche/balsa/header_properties_test.cc
+++ b/quiche/balsa/header_properties_test.cc
@@ -110,6 +110,8 @@
   EXPECT_FALSE(HasInvalidPathChar("/square[brackets]surprisingly/allowed"));
   EXPECT_FALSE(HasInvalidPathChar("/curly{braces}surprisingly/allowed"));
   EXPECT_FALSE(HasInvalidPathChar("/caret^pipe|surprisingly/allowed"));
+  // Surprise! Chrome sends backslash in query params, sometimes.
+  EXPECT_FALSE(HasInvalidPathChar("/path/with?backslash\\hooray"));
 
   EXPECT_TRUE(HasInvalidPathChar("/path with spaces"));
   EXPECT_TRUE(HasInvalidPathChar("/path\rwith\tother\nwhitespace"));