Skip to content

Commit

Permalink
fix: escape special characters in TwiML attribute values (#501)
Browse files Browse the repository at this point in the history
  • Loading branch information
childish-sambino authored Nov 14, 2019
1 parent a90db98 commit c6758fb
Show file tree
Hide file tree
Showing 2 changed files with 10 additions and 3 deletions.
4 changes: 2 additions & 2 deletions lib/twiml/TwiML.js
Original file line number Diff line number Diff line change
Expand Up @@ -12,9 +12,9 @@ function TwiML() {
stringify: {
attValue: function (value) {
if (Array.isArray(value)) {
return value.join(' ');
value = value.join(' ');
}
return value;
return this.attEscape('' + value || '');
}
}
}).dec('1.0', 'UTF-8');
Expand Down
9 changes: 8 additions & 1 deletion spec/unit/twiml/VoiceResponse.spec.js
Original file line number Diff line number Diff line change
Expand Up @@ -167,11 +167,18 @@ describe('create voice response TwiML', function() {

it('should serialize array attributes as space delimited', function() {
var actual = new VoiceResponse();
actual.dial().number({ statusCallbackEvents: ["initiated", "ringing"] }, '+11234567890')
actual.dial().number({ statusCallbackEvents: ['initiated', 'ringing'] }, '+11234567890');

expect(actual.toString()).toEqual('<?xml version="1.0" encoding="UTF-8"?><Response><Dial><Number statusCallbackEvents="initiated ringing">+11234567890</Number></Dial></Response>');
});

it('should escape special characters', function() {
var actual = new VoiceResponse();
actual.dial().number({ statusCallback: 'https://example.com?action=getTwiml&param=dial' }, '+11234567890');

expect(actual.toString()).toEqual('<?xml version="1.0" encoding="UTF-8"?><Response><Dial><Number statusCallback="https://example.com?action=getTwiml&amp;param=dial">+11234567890</Number></Dial></Response>');
});

it('should allow adding arbitrary text to leaf nodes', function() {
var actual = new VoiceResponse();
actual.hangup().addText('extra text');
Expand Down

0 comments on commit c6758fb

Please sign in to comment.