diff options
| author | Igor Minar | 2013-02-19 09:55:05 -0800 |
|---|---|---|
| committer | Igor Minar | 2013-02-20 00:40:51 -0800 |
| commit | a8cc4497063118c766bdfa9464c9cbfc59413a81 (patch) | |
| tree | e2940be3b1ebc026a1b6a124bf53de8839fd6e60 /src/ng/directive/booleanAttrs.js | |
| parent | 2aa212b19c71df82287b4b074da3ab14cbf37348 (diff) | |
| download | angular.js-a8cc4497063118c766bdfa9464c9cbfc59413a81.tar.bz2 | |
fix($compile): sanitize values bound to a[href]
Diffstat (limited to 'src/ng/directive/booleanAttrs.js')
| -rw-r--r-- | src/ng/directive/booleanAttrs.js | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/src/ng/directive/booleanAttrs.js b/src/ng/directive/booleanAttrs.js index 80de41a4..b99cc6cb 100644 --- a/src/ng/directive/booleanAttrs.js +++ b/src/ng/directive/booleanAttrs.js @@ -309,8 +309,9 @@ forEach(['src', 'href'], function(attrName) { // on IE, if "ng:src" directive declaration is used and "src" attribute doesn't exist // then calling element.setAttribute('src', 'foo') doesn't do anything, so we need - // to set the property as well to achieve the desired effect - if (msie) element.prop(attrName, value); + // to set the property as well to achieve the desired effect. + // we use attr[attrName] value since $set can sanitize the url. + if (msie) element.prop(attrName, attr[attrName]); }); } }; |