From a95c3cf3e8aad81d1a4d74d113aebe5d8dc2aef2 Mon Sep 17 00:00:00 2001
From: "W. Brian Gourlie" <bgourlie@gmail.com>
Date: Sat, 1 Feb 2014 01:47:08 -0600
Subject: [PATCH 1/3] Make NodeValidator injectable

---
 lib/directive/module.dart             |  1 +
 lib/directive/ng_bind_html.dart       | 13 +++++++------
 test/directive/ng_bind_html_spec.dart | 27 ++++++++++++++++++++++++---
 3 files changed, 32 insertions(+), 9 deletions(-)

diff --git a/lib/directive/module.dart b/lib/directive/module.dart
index c2f2aa1a6..0335ac72e 100644
--- a/lib/directive/module.dart
+++ b/lib/directive/module.dart
@@ -38,6 +38,7 @@ class NgDirectiveModule extends Module {
     value(NgBindDirective, null);
     value(NgBindTemplateDirective, null);
     value(NgBindHtmlDirective, null);
+    value(dom.NodeValidator, null);
     value(NgClassDirective, null);
     value(NgClassOddDirective, null);
     value(NgClassEvenDirective, null);
diff --git a/lib/directive/ng_bind_html.dart b/lib/directive/ng_bind_html.dart
index 2659b7ffb..b3b95c43d 100644
--- a/lib/directive/ng_bind_html.dart
+++ b/lib/directive/ng_bind_html.dart
@@ -18,13 +18,14 @@ part of angular.directive;
   selector: '[ng-bind-html]',
   map: const {'ngBindHtml': '=>value'})
 class NgBindHtmlDirective {
-  // The default HTML sanitizer.  Eventually, we'll make this configurable or
-  // use an optionally loaded `$sanitize` service.
-  static final dom.NodeValidator validator = new dom.NodeValidatorBuilder.common();
+  // The default HTML sanitizer.
+  static final dom.NodeValidator defaultValidator = new dom.NodeValidatorBuilder.common();
 
   final dom.Element element;
-
-  NgBindHtmlDirective(this.element);
+  final dom.NodeValidator validator;
+  
+  NgBindHtmlDirective(this.element, dom.NodeValidator validator)
+      : this.validator = validator != null ? validator : defaultValidator;
 
   /**
    * Parsed expression from the `ng-bind-html` attribute.  The result of this
@@ -32,5 +33,5 @@ class NgBindHtmlDirective {
    * documention.
    */
   set value(value) => element.setInnerHtml(value == null ? '' : value.toString(),
-                                           validator: validator) ;
+                                           validator: validator);
 }
diff --git a/test/directive/ng_bind_html_spec.dart b/test/directive/ng_bind_html_spec.dart
index 5dc161d8f..9064380e3 100644
--- a/test/directive/ng_bind_html_spec.dart
+++ b/test/directive/ng_bind_html_spec.dart
@@ -1,12 +1,10 @@
 library ng_bind_html_spec;
 
+import 'dart:html' as dom;
 import '../_specs.dart';
 
 main() {
   describe('BindHtmlDirective', () {
-    TestBed _;
-
-    beforeEach(inject((TestBed tb) => _ = tb));
 
     it('should sanitize and set innerHtml and sanitize and set html',
           inject((Scope scope, Injector injector, Compiler compiler) {
@@ -17,5 +15,28 @@ main() {
       // Sanitization removes the href attribute on the <a> tag.
       expect(element.html()).toEqual('<a><b>Google!</b></a>');
     }));
+
+    it('should use injected NodeValidator and override default sanitize behavior',
+          module((Module module) {   
+      module.factory(dom.NodeValidator, (_) {
+        final validator = new NodeValidatorBuilder();
+        validator.allowNavigation(new AnyUriPolicy());
+        validator.allowTextElements();
+        return validator;
+      });
+      
+      inject((Scope scope, Injector injector, Compiler compiler) {         
+        var element = $('<div ng-bind-html="htmlVar"></div>');
+        compiler(element)(injector, element);
+        scope.htmlVar = '<a href="http://www.google.com"><b>Google!</b></a>';
+        scope.$digest();
+        // Sanitation allows href attributes per injected sanitizer.
+        expect(element.html()).toEqual('<a href="http://www.google.com"><b>Google!</b></a>');
+      });
+    }));
   });
 }
+
+class AnyUriPolicy implements UriPolicy { 
+  bool allowsUri(String uri) => true;
+}
\ No newline at end of file

From cb36958e50024d5a8ed2f93eac9e07415f959f39 Mon Sep 17 00:00:00 2001
From: "W. Brian Gourlie" <bgourlie@gmail.com>
Date: Sat, 1 Feb 2014 12:49:34 -0600
Subject: [PATCH 2/3] re-add newline.

---
 test/directive/ng_bind_html_spec.dart | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/directive/ng_bind_html_spec.dart b/test/directive/ng_bind_html_spec.dart
index 9064380e3..4624105f9 100644
--- a/test/directive/ng_bind_html_spec.dart
+++ b/test/directive/ng_bind_html_spec.dart
@@ -39,4 +39,4 @@ main() {
 
 class AnyUriPolicy implements UriPolicy { 
   bool allowsUri(String uri) => true;
-}
\ No newline at end of file
+}

From 140e8c88918e78aaaaf060672922ed8ed9abc6a9 Mon Sep 17 00:00:00 2001
From: "W. Brian Gourlie" <bgourlie@gmail.com>
Date: Wed, 5 Feb 2014 19:34:32 -0600
Subject: [PATCH 3/3] Fix failing test.

---
 test/directive/ng_bind_html_spec.dart | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/test/directive/ng_bind_html_spec.dart b/test/directive/ng_bind_html_spec.dart
index b368daf3f..d02939828 100644
--- a/test/directive/ng_bind_html_spec.dart
+++ b/test/directive/ng_bind_html_spec.dart
@@ -25,9 +25,9 @@ main() {
         return validator;
       });
       
-      inject((Scope scope, Injector injector, Compiler compiler) {         
+      inject((Scope scope, Injector injector, Compiler compiler, DirectiveMap directives) {         
         var element = $('<div ng-bind-html="htmlVar"></div>');
-        compiler(element)(injector, element);
+        compiler(element, directives)(injector, element);
         scope.htmlVar = '<a href="http://www.google.com"><b>Google!</b></a>';
         scope.$digest();
         // Sanitation allows href attributes per injected sanitizer.