diff --git a/pkg/tool/path.go b/pkg/tool/path.go
index 528db86df..e8f7bcbea 100644
--- a/pkg/tool/path.go
+++ b/pkg/tool/path.go
@@ -19,5 +19,6 @@ func IsSameSiteURLPath(url string) bool {
 func SanitizePath(path string) string {
 path = strings.TrimLeft(path, "/")
 path = strings.Replace(path, "../", "", -1)
+ path = strings.Replace(path, "..\\", "", -1)
 return path
 }
diff --git a/pkg/tool/path_test.go b/pkg/tool/path_test.go
index 9f3441b11..d9b9fb219 100644
--- a/pkg/tool/path_test.go
+++ b/pkg/tool/path_test.go
@@ -39,8 +39,11 @@ func Test_SanitizePath(t *testing.T) {
 }{
 {"../../../../../../../../../data/gogs/data/sessions/a/9/a9f0ab6c3ef63dd8", "data/gogs/data/sessions/a/9/a9f0ab6c3ef63dd8"},
 {"data/gogs/../../../../../../../../../data/sessions/a/9/a9f0ab6c3ef63dd8", "data/gogs/data/sessions/a/9/a9f0ab6c3ef63dd8"},
+ {"..\\..\\..\\..\\..\\..\\..\\..\\..\\data\\gogs\\data\\sessions\\a\\9\\a9f0ab6c3ef63dd8", "data\\gogs\\data\\sessions\\a\\9\\a9f0ab6c3ef63dd8"},
+ {"data\\gogs\\..\\..\\..\\..\\..\\..\\..\\..\\..\\data\\sessions\\a\\9\\a9f0ab6c3ef63dd8", "data\\gogs\\data\\sessions\\a\\9\\a9f0ab6c3ef63dd8"},
 {"data/sessions/a/9/a9f0ab6c3ef63dd8", "data/sessions/a/9/a9f0ab6c3ef63dd8"},
+ {"data\\sessions\\a\\9\\a9f0ab6c3ef63dd8", "data\\sessions\\a\\9\\a9f0ab6c3ef63dd8"},
 }
 for _, tc := range testCases {
 So(SanitizePath(tc.path), ShouldEqual, tc.expect)
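Review bot: The added `"..\\"` replacement in SanitizePath is, like the `"../"` one above it, a single non-overlapping pass, so deleting one sequence can join the characters on either side into a new `../` or `..\` that is never re-examined. Because the backslash pass runs second, it can also leave behind a forward-slash sequence after the first pass has already finished. `strings.TrimLeft(path, "/")` still keeps a leading `\`, which is presumably a rooted path on the Windows hosts this change is aimed at. I would repeat the trim and both replacements until the string stops changing, as below; callers should still confirm the joined result stays inside the base directory (for example `filepath.IsLocal` on Go 1.20+), since stripping does not cover a bare trailing `..` or a drive prefix. The whole function is visible in this hunk.

```go
func SanitizePath(path string) string {
	// Repeat until stable: one pass can join the characters around a removed
	// sequence into a new "../" or "..\", or expose a new leading separator.
	for {
		cleaned := strings.TrimLeft(path, "/\\")
		cleaned = strings.Replace(cleaned, "../", "", -1)
		cleaned = strings.Replace(cleaned, "..\\", "", -1)
		if cleaned == path {
			return path
		}
		path = cleaned
	}
}
```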
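Review bot: The three added rows use backslashes only, so nothing in the table covers input that mixes both separators or starts with a separator, and each check is an exact match against a hand-written expectation. A constructed mixed-separator row such as `{"data/gogs\\..\\../..\\data", "data/gogs\\data"},` would pin how the two replacements interact. A second assertion inside the loop, `So(SanitizePath(tc.path), ShouldNotContainSubstring, "..")`, would state the property the function is meant to guarantee instead of one output per input. Test_SanitizePath begins and ends outside the hunk, so further cases may already exist there.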