diff --git a/src/ng/compile.js b/src/ng/compile.js
index 051028e338e8..5c1d04a140c6 100644
--- a/src/ng/compile.js
+++ b/src/ng/compile.js
@@ -1044,7 +1044,7 @@ function $CompileProvider($provide, $$sanitizeUriProvider) {
nodeName = nodeName_(this.$$element);
- if ((nodeName === 'a' && key === 'href') ||
+ if ((nodeName === 'a' && (key === 'href' || key === 'xlinkHref')) ||
(nodeName === 'img' && key === 'src')) {
// sanitize a[href] and img[src] values
this[key] = value = $$sanitizeUri(value, key === 'src');
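Review bot: The comment above the sanitize call still reads `// sanitize a[href] and img[src] values` although the condition now also matches the normalized `xlinkHref` key; change it to `// sanitize a[href], a[xlink:href] and img[src] values` so a later reader knows SVG anchors are in scope. Note that the second argument `key === 'src'` stays `false` for `xlinkHref`, so an `xlink:href` value is checked against the `a[href]` whitelist rather than the `img[src]` one, which looks intentional and matches the new spec's `toHaveBeenCalledWith(..., false)`; worth saying so in that comment. Whether other SVG elements that carry `xlink:href` need the same check is not addressed by this change and I cannot tell from the hunk alone. The enclosing method starts before and continues after this hunk.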
diff --git a/test/ng/compileSpec.js b/test/ng/compileSpec.js
index da8b52725d71..2621466845e5 100755
--- a/test/ng/compileSpec.js
+++ b/test/ng/compileSpec.js
@@ -6322,6 +6322,54 @@ describe('$compile', function() {
});
});
+ it('should use $$sanitizeUri when declared via ng-href', function() {
+ var $$sanitizeUri = jasmine.createSpy('$$sanitizeUri');
+ module(function($provide) {
+ $provide.value('$$sanitizeUri', $$sanitizeUri);
+ });
+ inject(function($compile, $rootScope) {
+ element = $compile('')($rootScope);
+ $rootScope.testUrl = "someUrl";
+
+ $$sanitizeUri.andReturn('someSanitizedUrl');
+ $rootScope.$apply();
+ expect(element.attr('href')).toBe('someSanitizedUrl');
+ expect($$sanitizeUri).toHaveBeenCalledWith($rootScope.testUrl, false);
+ });
+ });
+
+ it('should use $$sanitizeUri when working with svg and xlink:href', function() {
+ var $$sanitizeUri = jasmine.createSpy('$$sanitizeUri');
+ module(function($provide) {
+ $provide.value('$$sanitizeUri', $$sanitizeUri);
+ });
+ inject(function($compile, $rootScope) {
+ element = $compile('')($rootScope);
+ $rootScope.testUrl = "evilUrl";
+
+ $$sanitizeUri.andReturn('someSanitizedUrl');
+ $rootScope.$apply();
+ expect(element.find('a').prop('href').baseVal).toBe('someSanitizedUrl');
+ expect($$sanitizeUri).toHaveBeenCalledWith($rootScope.testUrl, false);
+ });
+ });
+
+
+ it('should use $$sanitizeUri when working with svg and xlink:href', function() {
+ var $$sanitizeUri = jasmine.createSpy('$$sanitizeUri');
+ module(function($provide) {
+ $provide.value('$$sanitizeUri', $$sanitizeUri);
+ });
+ inject(function($compile, $rootScope) {
+ element = $compile('')($rootScope);
+ $rootScope.testUrl = "evilUrl";
+
+ $$sanitizeUri.andReturn('someSanitizedUrl');
+ $rootScope.$apply();
+ expect(element.find('a').prop('href').baseVal).toBe('someSanitizedUrl');
+ expect($$sanitizeUri).toHaveBeenCalledWith($rootScope.testUrl, false);
+ });
+ });
});
describe('interpolation on HTML DOM event handler attributes onclick, onXYZ, formaction', function() {
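Review bot: The two `it('should use $$sanitizeUri when working with svg and xlink:href', …)` specs (the second begins after the double blank line) are byte-for-byte identical, so the second adds no coverage and only produces a duplicate spec name in reporters; drop one of them. In the remaining SVG spec it would also be worth asserting `expect($$sanitizeUri.callCount).toBe(1);` next to the existing `toHaveBeenCalledWith` check, so a stray extra sanitize call or a miss on the `xlink:href` path shows up as a failure rather than passing on the shared return value. The `$compile('')` templates in all three specs appear empty as rendered here, presumably because the markup was stripped on extraction; confirm the committed spec compiles a real `ng-href` anchor and an SVG anchor with `xlink:href`. The enclosing `describe` closes at the `});` immediately before the next `describe`.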