Diffstat (limited to 'test/ng/directive/ngBindSpec.js')
| -rw-r--r-- | test/ng/directive/ngBindSpec.js | 48 | 
1 files changed, 42 insertions, 6 deletions
| diff --git a/test/ng/directive/ngBindSpec.js b/test/ng/directive/ngBindSpec.js
index da291fa4..1d8f8ef4 100644
--- a/test/ng/directive/ngBindSpec.js
+++ b/test/ng/directive/ngBindSpec.js
@@ -69,11 +69,47 @@ describe('ngBind*', function() {
   describe('ngBindHtmlUnsafe', function() {
-    it('should set unsafe html', inject(function($rootScope, $compile) {
-      element = $compile('<div ng-bind-html-unsafe="html"></div>')($rootScope);
-      $rootScope.html = '<div onclick="">hello</div>';
-      $rootScope.$digest();
-      expect(angular.lowercase(element.html())).toEqual('<div onclick="">hello</div>');
-    }));
+    function configureSce(enabled) {
+      module(function($provide, $sceProvider) {
+        $sceProvider.enabled(enabled);
+      });
+    };
+
+    describe('SCE disabled', function() {
+      beforeEach(function() {configureSce(false)});
+
+      it('should set unsafe html', inject(function($rootScope, $compile) {
+        element = $compile('<div ng-bind-html-unsafe="html"></div>')($rootScope);
+        $rootScope.html = '<div onclick="">hello</div>';
+        $rootScope.$digest();
+        expect(angular.lowercase(element.html())).toEqual('<div onclick="">hello</div>');
+      }));
+    });
+
+
+    describe('SCE enabled', function() {
+      beforeEach(function() {configureSce(true)});
+
+      it('should NOT set unsafe html for untrusted values', inject(function($rootScope, $compile) {
+        element = $compile('<div ng-bind-html-unsafe="html"></div>')($rootScope);
+        $rootScope.html = '<div onclick="">hello</div>';
+        expect($rootScope.$digest).toThrow();
+      }));
+
+      it('should NOT set unsafe html for wrongly typed values', inject(function($rootScope, $compile, $sce) {
+        element = $compile('<div ng-bind-html-unsafe="html"></div>')($rootScope);
+        $rootScope.html = $sce.trustAsCss('<div onclick="">hello</div>');
+        expect($rootScope.$digest).toThrow();
+      }));
+
+      it('should set unsafe html for trusted values', inject(function($rootScope, $compile, $sce) {
+        element = $compile('<div ng-bind-html-unsafe="html"></div>')($rootScope);
+        $rootScope.html = $sce.trustAsHtml('<div onclick="">hello</div>');
+        $rootScope.$digest();
+        expect(angular.lowercase(element.html())).toEqual('<div onclick="">hello</div>');
+      }));
+
+    });
+    });
 }); |
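Review bot: The two negative cases under 'SCE enabled' assert `expect($rootScope.$digest).toThrow();`, which passes the method detached from `$rootScope` and accepts any exception. They can therefore pass for a reason unrelated to SCE rejecting the value, for instance an error caused by the lost `this` if `$digest` relies on it. Since these tests are what guards the untrusted and wrongly-typed paths, call the method bound and pin the cause: `expect(function() { $rootScope.$digest(); }).toThrow(/* expected SCE error */);`. It would also help to assert afterwards that `element.html()` does not contain the `<div onclick="">` markup, so a regression that throws but still writes the value is caught. Minor: `$provide` is injected in `configureSce` but never used; the outer `describe('ngBind*')` starts outside this hunk.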
