Diffstat (limited to 'test/ng/interpolateSpec.js')
-rw-r--r--test/ng/interpolateSpec.js59
1 files changed, 55 insertions, 4 deletions
diff --git a/test/ng/interpolateSpec.js b/test/ng/interpolateSpec.js
index 7569c0e2..d74b764a 100644
--- a/test/ng/interpolateSpec.js
+++ b/test/ng/interpolateSpec.js
@@ -67,6 +67,55 @@ describe('$interpolate', function() {
}));
+ describe('interpolating in a trusted context', function() {
+ var sce;
+ beforeEach(function() {
+ function log() {};
+ var fakeLog = {log: log, warn: log, info: log, error: log};
+ module(function($provide, $sceProvider) {
+ $provide.value('$log', fakeLog);
+ $sceProvider.enabled(true);
+ });
+ inject(['$sce', function($sce) { sce = $sce; }]);
+ });
+
+ it('should NOT interpolate non-trusted expressions', inject(function($interpolate) {
+ var foo = "foo";
+ expect($interpolate('{{foo}}', true, sce.CSS)({}, {foo: foo})).toEqual('');
+ }));
+
+ it('should NOT interpolate mistyped expressions', inject(function($interpolate) {
+ var foo = sce.trustAsCss("foo");
+ expect($interpolate('{{foo}}', true, sce.HTML)({}, {foo: foo})).toEqual('');
+ }));
+
+ it('should interpolate trusted expressions in a regular context', inject(function($interpolate) {
+ var foo = sce.trustAsCss("foo");
+ expect($interpolate('{{foo}}', true)({foo: foo})).toEqual('foo');
+ }));
+
+ it('should interpolate trusted expressions in a specific trustedContext', inject(function($interpolate) {
+ var foo = sce.trustAsCss("foo");
+ expect($interpolate('{{foo}}', true, sce.CSS)({foo: foo})).toEqual('foo');
+ }));
+
+ // The concatenation of trusted values does not necessarily result in a trusted value. (For
+ // instance, you can construct evil JS code by putting together pieces of JS strings that are by
+ // themselves safe to execute in isolation.)
+ it('should NOT interpolate trusted expressions with multiple parts', inject(function($interpolate) {
+ var foo = sce.trustAsCss("foo");
+ var bar = sce.trustAsCss("bar");
+ expect(function() {
+ return $interpolate('{{foo}}{{bar}}', true, sce.CSS)(
+ {foo: foo, bar: bar}); }).toThrow(
+ "[$interpolate:noconcat] Error while interpolating: {{foo}}{{bar}}\n" +
+ "Strict Contextual Escaping disallows interpolations that concatenate multiple " +
+ "expressions when a trusted value is required. See " +
+ "http://docs.angularjs.org/api/ng.$sce");
+ }));
+ });
+
+
describe('provider', function() {
beforeEach(module(function($interpolateProvider) {
$interpolateProvider.startSymbol('--');
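Review bot: The two negative tests ('should NOT interpolate non-trusted expressions' and 'should NOT interpolate mistyped expressions') call the interpolation function as `({}, {foo: foo})`, while the positive tests in the same block pass `({foo: foo})` as the first argument. If the returned function evaluates only its first argument, as the positive tests suggest, `foo` is undefined in both negative cases and the result is `''` whether or not the trust check runs, so these tests would keep passing with SCE enforcement broken. Putting the value in the evaluated context, e.g. `expect($interpolate('{{foo}}', true, sce.CSS)({foo: foo})).toEqual('');`, makes the rejection itself the thing under test. Asserting on the reported error rather than on an empty string would be tighter still. The enclosing `describe('$interpolate', ...)` starts outside this hunk.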
@@ -155,13 +204,15 @@ describe('$interpolate', function() {
expect(function() {
$interpolate('constant/{{var}}', true, isTrustedContext);
}).toThrow(
- "[$interpolate:noconcat] Error while interpolating: constant/{{var}}\nYou may not use " +
- "multiple expressions when interpolating this expression.");
+ "[$interpolate:noconcat] Error while interpolating: constant/{{var}}\nStrict " +
+ "Contextual Escaping disallows interpolations that concatenate multiple expressions " +
+ "when a trusted value is required. See http://docs.angularjs.org/api/ng.$sce");
expect(function() {
$interpolate('{{foo}}{{bar}}', true, isTrustedContext);
}).toThrow(
- "[$interpolate:noconcat] Error while interpolating: {{foo}}{{bar}}\nYou may not use " +
- "multiple expressions when interpolating this expression.");
+ "[$interpolate:noconcat] Error while interpolating: {{foo}}{{bar}}\nStrict " +
+ "Contextual Escaping disallows interpolations that concatenate multiple expressions " +
+ "when a trusted value is required. See http://docs.angularjs.org/api/ng.$sce");
}));
it('should interpolate a multi-part expression when isTrustedContext is false', inject(function($interpolate) {