1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
//! XML escaping utilities to prevent XML injection attacks.
//!
//! This module provides functions to safely escape user-provided content
//! before inserting it into XML documents.
/// Escape XML text content.
///
/// Escapes the following characters:
/// - `&` → `&`
/// - `<` → `<`
/// - `>` → `>`
///
/// This function should be used for text content between XML tags.
///
/// # Arguments
/// * `text` - The text to escape
///
/// # Returns
/// The escaped text safe for use in XML content
///
/// # Example
/// ```
/// use twiml_rust::xml_escape::escape_xml_text;
///
/// let safe = escape_xml_text("Hello <script>alert('xss')</script>");
/// assert_eq!(safe, "Hello <script>alert('xss')</script>");
/// ```
/// Escape XML attribute values.
///
/// Escapes the following characters:
/// - `&` → `&`
/// - `<` → `<`
/// - `>` → `>`
/// - `"` → `"`
/// - `'` → `'`
///
/// This function should be used for attribute values in XML tags.
///
/// # Arguments
/// * `text` - The attribute value to escape
///
/// # Returns
/// The escaped text safe for use in XML attributes
///
/// # Example
/// ```
/// use twiml_rust::xml_escape::escape_xml_attr;
///
/// let safe = escape_xml_attr("value with \"quotes\" and <tags>");
/// assert_eq!(safe, "value with "quotes" and <tags>");
/// ```