Although VBScript has been discontinued by Microsoft, it was still
shipping with IE11 until a couple of years ago. Because the disabling
of VBscript in users OSes depends on an OS update, there could still be
many clients out there using browsers capable of executing VBScript
code. On the other hand, the cost of implementing the sanitization of the
protocol in the scope of this library is low.
crookedneighbor
commented
3 years ago
Introducing
vbscriptprotocol sanitization.Although VBScript has been discontinued by Microsoft, it was still shipping with IE11 until a couple of years ago. Because the disabling of VBscript in users OSes depends on an OS update, there could still be many clients out there using browsers capable of executing VBScript code. On the other hand, the cost of implementing the sanitization of the protocol in the scope of this library is low.
Fixes: https://github.com/braintree/sanitize-url/issues/26