twiml-rust 0.1.0

TwiML (Twilio Markup Language) library for generating Voice, Messaging, and Fax XML responses
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81

use twiml_rust::xml_escape::{escape_xml_attr, escape_xml_text};

#[test]
fn test_escape_xml_text_basic() {
    assert_eq!(escape_xml_text("Hello World"), "Hello World");
}

#[test]
fn test_escape_xml_text_ampersand() {
    assert_eq!(escape_xml_text("Tom & Jerry"), "Tom & Jerry");
}

#[test]
fn test_escape_xml_text_less_than() {
    assert_eq!(escape_xml_text("5 < 10"), "5 &lt; 10");
}

#[test]
fn test_escape_xml_text_greater_than() {
    assert_eq!(escape_xml_text("10 > 5"), "10 &gt; 5");
}

#[test]
fn test_escape_xml_text_tags() {
    assert_eq!(
        escape_xml_text("<script>alert('xss')</script>"),
        "&lt;script&gt;alert('xss')&lt;/script&gt;"
    );
}

#[test]
fn test_escape_xml_text_multiple() {
    assert_eq!(escape_xml_text("A & B < C > D"), "A &amp; B &lt; C &gt; D");
}

#[test]
fn test_escape_xml_text_injection_attempt() {
    // Note: escape_xml_text doesn't escape quotes - only < > &
    // Quotes are only escaped in attributes via escape_xml_attr
    assert_eq!(
        escape_xml_text("Hello</Body><Message to=\"+1-attacker\"><Body>Hacked"),
        "Hello&lt;/Body&gt;&lt;Message to=\"+1-attacker\"&gt;&lt;Body&gt;Hacked"
    );
}

#[test]
fn test_escape_xml_attr_basic() {
    assert_eq!(escape_xml_attr("Hello World"), "Hello World");
}

#[test]
fn test_escape_xml_attr_double_quotes() {
    assert_eq!(escape_xml_attr("Say \"Hello\""), "Say &quot;Hello&quot;");
}

#[test]
fn test_escape_xml_attr_single_quotes() {
    assert_eq!(escape_xml_attr("It's fine"), "It&apos;s fine");
}

#[test]
fn test_escape_xml_attr_all_special_chars() {
    assert_eq!(escape_xml_attr("&<>\"'"), "&amp;&lt;&gt;&quot;&apos;");
}

#[test]
fn test_escape_xml_attr_injection_attempt() {
    assert_eq!(
        escape_xml_attr("\" onload=\"alert('xss')"),
        "&quot; onload=&quot;alert(&apos;xss&apos;)"
    );
}

#[test]
fn test_escape_xml_attr_url_with_params() {
    assert_eq!(
        escape_xml_attr("https://example.com?a=1&b=2"),
        "https://example.com?a=1&amp;b=2"
    );
}