Method: Owasp::Esapi::Encoder#encode_for_vbscript
- Defined in:
- lib/codec/encoder.rb
#encode_for_vbscript(input) ⇒ Object
Encode data for insertion inside a data value in a Visual Basic script. Putting user data directly inside a script is quite dangerous. Great care must be taken to prevent putting user data directly into script code itself, as no amount of encoding will prevent attacks there.
This method is not recommended as VBScript is only supported by Internet Explorer
266 267 268 269 |
# File 'lib/codec/encoder.rb', line 266 def encode_for_vbscript(input) return nil if input.nil? @vb_codec.encode(IMMUNE_VBSCRIPT,input) end |