feat(ng_bind_html): Configurable sanitizer via injectable NodeValidator.

lib/directive/module.dart

@@ -38,6 +38,7 @@ class NgDirectiveModule extends Module {
     value(NgBindDirective, null);
     value(NgBindTemplateDirective, null);
     value(NgBindHtmlDirective, null);
+    value(dom.NodeValidator, null);
     value(NgClassDirective, null);
     value(NgClassOddDirective, null);
     value(NgClassEvenDirective, null);

lib/directive/ng_bind_html.dart

@@ -18,19 +18,20 @@ part of angular.directive;
   selector: '[ng-bind-html]',
   map: const {'ngBindHtml': '=>value'})
 class NgBindHtmlDirective {
-  // The default HTML sanitizer.  Eventually, we'll make this configurable or
-  // use an optionally loaded `$sanitize` service.
-  static final dom.NodeValidator validator = new dom.NodeValidatorBuilder.common();
+  // The default HTML sanitizer.
+  static final dom.NodeValidator defaultValidator = new dom.NodeValidatorBuilder.common();
 
   final dom.Element element;
-
-  NgBindHtmlDirective(this.element);
+  final dom.NodeValidator validator;
+
+  NgBindHtmlDirective(this.element, dom.NodeValidator validator)
+      : this.validator = validator != null ? validator : defaultValidator;
 
   /**
    * Parsed expression from the `ng-bind-html` attribute.  The result of this
    * expression is innerHTML'd according to the rules specified in this class'
    * documention.
    */
   set value(value) => element.setInnerHtml(value == null ? '' : value.toString(),
-                                           validator: validator) ;
+                                           validator: validator);
 }

test/directive/ng_bind_html_spec.dart

@@ -1,12 +1,10 @@
 library ng_bind_html_spec;
 
+import 'dart:html' as dom;
 import '../_specs.dart';
 
 main() {
   describe('BindHtmlDirective', () {
-    TestBed _;
-
-    beforeEach(inject((TestBed tb) => _ = tb));
 
     it('should sanitize and set innerHtml and sanitize and set html',
           inject((Scope scope, Injector injector, Compiler compiler, DirectiveMap directives) {
@@ -17,5 +15,28 @@ main() {
       // Sanitization removes the href attribute on the <a> tag.
       expect(element.html()).toEqual('<a><b>Google!</b></a>');
     }));
+
+    it('should use injected NodeValidator and override default sanitize behavior',
+          module((Module module) {   
+      module.factory(dom.NodeValidator, (_) {
+        final validator = new NodeValidatorBuilder();
+        validator.allowNavigation(new AnyUriPolicy());
+        validator.allowTextElements();
+        return validator;
+      });
+
+      inject((Scope scope, Injector injector, Compiler compiler, DirectiveMap directives) {         
+        var element = $('<div ng-bind-html="htmlVar"></div>');
+        compiler(element, directives)(injector, element);
+        scope.htmlVar = '<a href="http://www.google.com"><b>Google!</b></a>';
+        scope.$digest();
+        // Sanitation allows href attributes per injected sanitizer.
+        expect(element.html()).toEqual('<a href="http://www.google.com"><b>Google!</b></a>');
+      });
+    }));
   });
 }
+
+class AnyUriPolicy implements UriPolicy { 
+  bool allowsUri(String uri) => true;
+}