
Sanitize other values when generating TypeScript bindings.#2478

Merged: fnando merged 1 commit into main from sanitize-placeholder-values on Apr 14, 2026

Conversation

@fnando (Member) commented Apr 14, 2026

What

Sanitize other values when generating TypeScript bindings.

Why

So values are properly escaped.

Known limitations

Doesn't handle JS/TS keywords.

Copilot AI review requested due to automatic review settings April 14, 2026 17:01
@github-project-automation github-project-automation bot moved this to Backlog (Not Ready) in DevX Apr 14, 2026
Copilot AI (Contributor) left a comment

Pull request overview

This PR improves the safety of generated TypeScript bindings by escaping additional user-provided values before embedding them into generated .ts source, reducing the risk of malformed output and code injection via string literal breakouts.

Changes:

  • Exposes sanitize_string for crate-internal reuse.
  • Escapes network_passphrase and contract_id before generating the networks constant in the TypeScript project boilerplate.
  • Adds a regression test to ensure the generated networks snippet doesn’t contain unescaped injected code.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File: cmd/crates/soroban-spec-typescript/src/lib.rs
  Makes sanitize_string available to other modules within the crate to centralize TS string escaping.
File: cmd/crates/soroban-spec-typescript/src/boilerplate.rs
  Applies string escaping to generated networks values and adds a test to validate sanitization.
Comments suppressed due to low confidence (1)

cmd/crates/soroban-spec-typescript/src/lib.rs:416

  • sanitize_string still allows the Unicode line separator characters U+2028 and U+2029 through unescaped. In JS/TS source, these are treated as line terminators and can break a string literal (potentially re-enabling code injection even after escaping \n/\r). Consider escaping them as \\u2028 / \\u2029 (and adding a regression test), or switching to a string-escaping routine that guarantees JS/TS source compatibility for all line terminators.
/// Escape a string for use in a TypeScript string literal
pub(crate) fn sanitize_string(s: &str) -> String {
    s.replace('\\', "\\\\")
        .replace('"', "\\\"")
        .replace('\n', "\\n")
        .replace('\r', "\\r")
}
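The escaper quoted in the review comment leaves U+2028 and U+2029 untouched. The block below is an added example, not code from the stellar-cli repository: it reproduces that escaper for comparison, puts a single-pass hardened version beside it that also emits `\u2028` / `\u2029` (and `\uXXXX` for the remaining C0 controls), adds a small regression check that a value still reads as the body of one double-quoted TS literal, and renders a `networks` constant with both user-controlled values escaped. The shape of the `networks` snippet, the function names and the sample payload are assumptions made for illustration.

```rust
// Added example, not code from the stellar-cli repository. The `networks`
// snippet shape, the function names and the payload are assumptions.

/// The escaper as it appears in the review comment (reproduced for comparison).
pub fn sanitize_string_original(s: &str) -> String {
    s.replace('\\', "\\\\")
        .replace('"', "\\\"")
        .replace('\n', "\\n")
        .replace('\r', "\\r")
}

/// Hardened escaper for a double-quoted TS string literal.
/// One pass over `chars()`, so no later replacement can re-introduce a
/// character an earlier one escaped; U+2028 and U+2029 become `\u2028`
/// and `\u2029`; remaining C0 control characters become `\uXXXX` so the
/// generated source stays a single line of printable text.
pub fn sanitize_string_hardened(s: &str) -> String {
    let mut out = String::with_capacity(s.len() + 2);
    for c in s.chars() {
        match c {
            '\\' => out.push_str("\\\\"),
            '"' => out.push_str("\\\""),
            '\n' => out.push_str("\\n"),
            '\r' => out.push_str("\\r"),
            '\u{2028}' => out.push_str("\\u2028"),
            '\u{2029}' => out.push_str("\\u2029"),
            c if (c as u32) < 0x20 => out.push_str(&format!("\\u{:04x}", c as u32)),
            c => out.push(c),
        }
    }
    out
}

/// Regression check: does `escaped` still read as the body of exactly one
/// double-quoted TS string literal? It fails on any raw line terminator
/// (LF, CR, U+2028, U+2029) and on any `"` not preceded by an escaping
/// backslash; a trailing lone backslash would swallow the closing quote,
/// so that fails too.
pub fn is_single_line_literal_body(escaped: &str) -> bool {
    let mut escaped_next = false;
    for c in escaped.chars() {
        if escaped_next {
            escaped_next = false;
            continue;
        }
        match c {
            '\\' => escaped_next = true,
            '"' | '\n' | '\r' | '\u{2028}' | '\u{2029}' => return false,
            _ => {}
        }
    }
    !escaped_next
}

/// Render a `networks` constant in the shape a TS boilerplate might emit
/// (assumed shape), with both user-controlled values escaped.
pub fn render_networks(passphrase: &str, contract_id: &str) -> String {
    format!(
        "export const networks = {{\n  unknown: {{\n    networkPassphrase: \"{}\",\n    contractId: \"{}\",\n  }}\n}} as const;",
        sanitize_string_hardened(passphrase),
        sanitize_string_hardened(contract_id)
    )
}

fn main() {
    // Constructed payload: a raw U+2028 where an attacker would otherwise
    // need \n, followed by code. The original escaper passes it through.
    let payload = "pw\u{2028}alert(1)//";
    println!("original : {:?}", sanitize_string_original(payload));
    println!("hardened : {:?}", sanitize_string_hardened(payload));
    println!("original still one literal? {}", is_single_line_literal_body(&sanitize_string_original(payload)));
    println!("hardened still one literal? {}", is_single_line_literal_body(&sanitize_string_hardened(payload)));
    println!("{}", render_networks(payload, "C\"AAAA\\"));
}
```

Two caveats for anyone adopting this. Engines that implement ES2019 or later accept U+2028/U+2029 inside string literals (the "JSON superset" change), so escaping them is defence in depth for older parsers and tooling, and it keeps invisible line breaks out of generated files. The check above only covers a double-quoted literal; if a template ever switches to backtick template literals, the backtick and `${` also need escaping, and the keyword limitation noted in the PR description is a separate, identifier-level concern.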

Two comment threads on cmd/crates/soroban-spec-typescript/src/boilerplate.rs were dismissed.
@fnando fnando requested a review from mootz12 April 14, 2026 17:49
@fnando fnando moved this from Backlog (Not Ready) to Needs Review in DevX Apr 14, 2026
@fnando fnando merged commit eac9ef7 into main Apr 14, 2026
217 checks passed
@fnando fnando deleted the sanitize-placeholder-values branch April 14, 2026 18:37
@github-project-automation github-project-automation bot moved this from Needs Review to Done in DevX Apr 14, 2026
4 participants