@@ -4787,6 +4787,37 @@ describe('$compile', function() {
47874787 } ) ;
47884788 } ) ;
47894789
4790+ it ( 'should use $$sanitizeUri when declared via ng-href' , function ( ) {
4791+ var $$sanitizeUri = jasmine . createSpy ( '$$sanitizeUri' ) ;
4792+ module ( function ( $provide ) {
4793+ $provide . value ( '$$sanitizeUri' , $$sanitizeUri ) ;
4794+ } ) ;
4795+ inject ( function ( $compile , $rootScope ) {
4796+ element = $compile ( '<a ng-href="{{testUrl}}"></a>' ) ( $rootScope ) ;
4797+ $rootScope . testUrl = "someUrl" ;
4798+
4799+ $$sanitizeUri . andReturn ( 'someSanitizedUrl' ) ;
4800+ $rootScope . $apply ( ) ;
4801+ expect ( element . attr ( 'href' ) ) . toBe ( 'someSanitizedUrl' ) ;
4802+ expect ( $$sanitizeUri ) . toHaveBeenCalledWith ( $rootScope . testUrl , false ) ;
4803+ } ) ;
4804+ } ) ;
4805+
4806+ it ( 'should use $$sanitizeUri when working with svg and xlink:href' , function ( ) {
4807+ var $$sanitizeUri = jasmine . createSpy ( '$$sanitizeUri' ) ;
4808+ module ( function ( $provide ) {
4809+ $provide . value ( '$$sanitizeUri' , $$sanitizeUri ) ;
4810+ } ) ;
4811+ inject ( function ( $compile , $rootScope ) {
4812+ element = $compile ( '<svg><a xlink:href="" ng-href="{{ testUrl }}"></a></svg>' ) ( $rootScope ) ;
4813+ $rootScope . testUrl = "evilUrl" ;
4814+
4815+ $$sanitizeUri . andReturn ( 'someSanitizedUrl' ) ;
4816+ $rootScope . $apply ( ) ;
4817+ expect ( element . find ( 'a' ) . prop ( 'href' ) . baseVal ) . toBe ( 'someSanitizedUrl' ) ;
4818+ expect ( $$sanitizeUri ) . toHaveBeenCalledWith ( $rootScope . testUrl , false ) ;
4819+ } ) ;
4820+ } ) ;
47904821 } ) ;
47914822
47924823 describe ( 'interpolation on HTML DOM event handler attributes onclick, onXYZ, formaction' , function ( ) {
0 commit comments