fix for angular#5088

src/ngSanitize/filter/linky.js

@@ -70,10 +70,10 @@
      <doc:scenario>
        it('should linkify the snippet with urls', function() {
          expect(using('#linky-filter').binding('snippet | linky')).
-           toBe('Pretty text with some links:&#10;' +
-                '<a href="http://angularjs.org/">http://angularjs.org/</a>,&#10;' +
-                '<a href="mailto:us@somewhere.org">us@somewhere.org</a>,&#10;' +
-                '<a href="mailto:another@somewhere.org">another@somewhere.org</a>,&#10;' +
+           toBe('Pretty text with some links:\n' +
+                '<a href="http://angularjs.org/">http://angularjs.org/</a>,\n' +
+                '<a href="mailto:us@somewhere.org">us@somewhere.org</a>,\n' +
+                '<a href="mailto:another@somewhere.org">another@somewhere.org</a>,\n' +
                 'and one more: <a href="ftp://127.0.0.1/">ftp://127.0.0.1/</a>.');
        });
 

src/ngSanitize/sanitize.js

@@ -395,14 +395,16 @@ function decodeEntities(value) {
  * @param value
  * @returns escaped text
  */
-function encodeEntities(value) {
-  return value.
-    replace(/&/g, '&').
-    replace(NON_ALPHANUMERIC_REGEXP, function(value){
+function encodeEntities(value, replace_non_alphanumeric) {
+  value = value.replace(/&/g, '&');
+
+  if(replace_non_alphanumeric) {
+    value = value.replace(NON_ALPHANUMERIC_REGEXP, function(value){
       return '&#' + value.charCodeAt(0) + ';';
-    }).
-    replace(/</g, '&lt;').
-    replace(/>/g, '&gt;');
+    });
+  }
+
+  return value.replace(/</g, '&lt;').replace(/>/g, '&gt;');
 }
 
 /**
@@ -435,7 +437,7 @@ function htmlSanitizeWriter(buf, uriValidator){
             out(' ');
             out(key);
             out('="');
-            out(encodeEntities(value));
+            out(encodeEntities(value, true));
             out('"');
           }
         });
@@ -455,7 +457,7 @@ function htmlSanitizeWriter(buf, uriValidator){
       },
     chars: function(chars){
         if (!ignore) {
-          out(encodeEntities(chars));
+          out(encodeEntities(chars, false));
         }
       }
   };

test/ngSanitize/sanitizeSpec.js

@@ -160,7 +160,7 @@ describe('HTML', function() {
 
   it('should handle entities', function() {
     var everything = '<div rel="!@#$%^&amp;*()_+-={}[]:&#34;;\'&lt;&gt;?,./`~ &#295;">' +
-    '!@#$%^&amp;*()_+-={}[]:&#34;;\'&lt;&gt;?,./`~ &#295;</div>';
+    '!@#$%^&amp;*()_+-={}[]:";\'&lt;&gt;?,./`~ ħ</div>';
     expectHTML(everything).toEqual(everything);
   });
 
@@ -191,7 +191,7 @@ describe('HTML', function() {
   });
 
   it('should allow multiline strings', function() {
-    expectHTML('\na\n').toEqual('&#10;a\&#10;');
+    expectHTML('\na\n').toEqual('\na\n');
   });
 
   describe('htmlSanitizerWriter', function() {