diff --git a/homeassistant/components/hassio/handler.py b/homeassistant/components/hassio/handler.py
index 305b9d4961b..c57e43f73f3 100644
--- a/homeassistant/components/hassio/handler.py
+++ b/homeassistant/components/hassio/handler.py
@@ -568,14 +568,13 @@ class HassIO:
         This method is a coroutine.
         """
-        url = f"http://{self._ip}{command}"
         joined_url = self._base_url.join(URL(command))
         # This check is to make sure the normalized URL string
         # is the same as the URL string that was passed in. If
         # they are different, then the passed in command URL
         # contained characters that were removed by the normalization
         # such as ../../../../etc/passwd
-        if url != str(joined_url):
+        if joined_url.raw_path != command:
             _LOGGER.error("Invalid request %s", command)
             raise HassioAPIError
diff --git a/tests/components/hassio/test_handler.py b/tests/components/hassio/test_handler.py
index c5fa6ff8254..949f96ece38 100644
--- a/tests/components/hassio/test_handler.py
+++ b/tests/components/hassio/test_handler.py
@@ -468,4 +468,11 @@ async def test_send_command_invalid_command(hass: HomeAssistant) -> None:
     """Test send command fails when command is invalid."""
     hassio: HassIO = hass.data["hassio"]
     with pytest.raises(HassioAPIError):
+        # absolute path
         await hassio.send_command("/test/../bad")
+    with pytest.raises(HassioAPIError):
+        # relative path
+        await hassio.send_command("test/../bad")
+    with pytest.raises(HassioAPIError):
+        # relative path with percent encoding
+        await hassio.send_command("test/%2E%2E/bad")
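Review bot: The new `joined_url.raw_path != command` comparison at the end of the handler.py hunk only accepts a command that is an absolute path with no query string or fragment, because `raw_path` carries neither; a relative command or one containing `?` is now rejected together with the traversal attempts, whereas the old `str(joined_url)` comparison appears to have kept a query string intact. That is a safe default, but the comment above the check still only talks about characters removed by normalization, so the constraint should be written down where it is enforced, e.g. append `# command must be an absolute path with no query or fragment: raw_path drops both, so such input fails this check too` to the existing comment block. If query strings are a legitimate input for some callers, compare against a form that keeps them (yarl's `raw_path_qs`) instead of `raw_path`. Note that send_command starts before and continues after this hunk, so callers that pass such commands are not visible here.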
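Review bot: The three `pytest.raises(HassioAPIError)` blocks added in the test_handler.py hunk differ only in the command string and the comment naming the case, so the test reads better as one parametrized case whose ids carry those descriptions; a failure then names the offending input instead of a line number. The function signature sits just before the hunk and would take the `command` parameter. The rewrite below replaces the body from the docstring to the last `send_command` call.
```python
@pytest.mark.parametrize(
    "command",
    ["/test/../bad", "test/../bad", "test/%2E%2E/bad"],
    ids=["absolute path", "relative path", "relative path with percent encoding"],
)
async def test_send_command_invalid_command(hass: HomeAssistant, command: str) -> None:
    """Test send command fails when command is invalid."""
    hassio: HassIO = hass.data["hassio"]
    with pytest.raises(HassioAPIError):
        await hassio.send_command(command)
```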