From 9532234bf1c408af9a6fd2c4743fdb585b920531 Mon Sep 17 00:00:00 2001
From: Igor Minar
Date: Tue, 19 Feb 2013 09:55:05 -0800
Subject: fix($compile): sanitize values bound to a[href]

---
 src/ng/directive/booleanAttrs.js | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'src/ng/directive')

diff --git a/src/ng/directive/booleanAttrs.js b/src/ng/directive/booleanAttrs.js
index 739c539a..7e0e3a42 100644
--- a/src/ng/directive/booleanAttrs.js
+++ b/src/ng/directive/booleanAttrs.js
@@ -340,8 +340,9 @@ forEach(['src', 'href'], function(attrName) {
 
           // on IE, if "ng:src" directive declaration is used and "src" attribute doesn't exist
           // then calling element.setAttribute('src', 'foo') doesn't do anything, so we need
-          // to set the property as well to achieve the desired effect
-          if (msie) element.prop(attrName, value);
+          // to set the property as well to achieve the desired effect.
+          // we use attr[attrName] value since $set can sanitize the url.
+          if (msie) element.prop(attrName, attr[attrName]);
         });
       }
     };
-- 
cgit v1.2.3