update other angular libs

h/lib/angular-sanitize.js

 /**
- * @license AngularJS v1.1.4
+ * @license AngularJS v1.2.0-rc.2
  * (c) 2010-2012 Google, Inc. http://angularjs.org
  * License: MIT
  */
-(function(window, angular, undefined) {
-'use strict';
+(function(window, angular, undefined) {'use strict';
+
+var $sanitizeMinErr = angular.$$minErr('$sanitize');
 
 /**
  * @ngdoc overview
  * @name ngSanitize
  * @description
+ *
+ * # ngSanitize
+ *
+ * The `ngSanitize` module provides functionality to sanitize HTML.
+ *
+ * {@installModule sanitize}
+ *
+ * See {@link ngSanitize.$sanitize `$sanitize`} for usage.
  */
 
 /*
@@ -48,68 +57,71 @@
    <doc:example module="ngSanitize">
      <doc:source>
        <script>
-         function Ctrl($scope) {
+         function Ctrl($scope, $sce) {
            $scope.snippet =
              '<p style="color:blue">an html\n' +
              '<em onmouseover="this.textContent=\'PWN3D!\'">click here</em>\n' +
              'snippet</p>';
+           $scope.deliberatelyTrustDangerousSnippet = function() {
+             return $sce.trustAsHtml($scope.snippet);
+           };
          }
        </script>
        <div ng-controller="Ctrl">
           Snippet: <textarea ng-model="snippet" cols="60" rows="3"></textarea>
            <table>
              <tr>
-               <td>Filter</td>
+               <td>Directive</td>
+               <td>How</td>
                <td>Source</td>
                <td>Rendered</td>
              </tr>
-             <tr id="html-filter">
-               <td>html filter</td>
-               <td>
-                 <pre>&lt;div ng-bind-html="snippet"&gt;<br/>&lt;/div&gt;</pre>
-               </td>
-               <td>
-                 <div ng-bind-html="snippet"></div>
-               </td>
+             <tr id="bind-html-with-sanitize">
+               <td>ng-bind-html</td>
+               <td>Automatically uses $sanitize</td>
+               <td><pre>&lt;div ng-bind-html="snippet"&gt;<br/>&lt;/div&gt;</pre></td>
+               <td><div ng-bind-html="snippet"></div></td>
              </tr>
-             <tr id="escaped-html">
-               <td>no filter</td>
+             <tr id="bind-html-with-trust">
+               <td>ng-bind-html</td>
+               <td>Bypass $sanitize by explicitly trusting the dangerous value</td>
+               <td><pre>&lt;div ng-bind-html="deliberatelyTrustDangerousSnippet()"&gt;<br/>&lt;/div&gt;</pre></td>
+               <td><div ng-bind-html="deliberatelyTrustDangerousSnippet()"></div></td>
+             </tr>
+             <tr id="bind-default">
+               <td>ng-bind</td>
+               <td>Automatically escapes</td>
                <td><pre>&lt;div ng-bind="snippet"&gt;<br/>&lt;/div&gt;</pre></td>
                <td><div ng-bind="snippet"></div></td>
              </tr>
-             <tr id="html-unsafe-filter">
-               <td>unsafe html filter</td>
-               <td><pre>&lt;div ng-bind-html-unsafe="snippet"&gt;<br/>&lt;/div&gt;</pre></td>
-               <td><div ng-bind-html-unsafe="snippet"></div></td>
-             </tr>
            </table>
          </div>
      </doc:source>
      <doc:scenario>
-       it('should sanitize the html snippet ', function() {
-         expect(using('#html-filter').element('div').html()).
+       it('should sanitize the html snippet by default', function() {
+         expect(using('#bind-html-with-sanitize').element('div').html()).
            toBe('<p>an html\n<em>click here</em>\nsnippet</p>');
        });
 
+       it('should inline raw snippet if bound to a trusted value', function() {
+         expect(using('#bind-html-with-trust').element("div").html()).
+           toBe("<p style=\"color:blue\">an html\n" +
+                "<em onmouseover=\"this.textContent='PWN3D!'\">click here</em>\n" +
+                "snippet</p>");
+       });
+
        it('should escape snippet without any filter', function() {
-         expect(using('#escaped-html').element('div').html()).
+         expect(using('#bind-default').element('div').html()).
            toBe("&lt;p style=\"color:blue\"&gt;an html\n" +
                 "&lt;em onmouseover=\"this.textContent='PWN3D!'\"&gt;click here&lt;/em&gt;\n" +
                 "snippet&lt;/p&gt;");
        });
 
-       it('should inline raw snippet if filtered as unsafe', function() {
-         expect(using('#html-unsafe-filter').element("div").html()).
-           toBe("<p style=\"color:blue\">an html\n" +
-                "<em onmouseover=\"this.textContent='PWN3D!'\">click here</em>\n" +
-                "snippet</p>");
-       });
-
        it('should update', function() {
-         input('snippet').enter('new <b>text</b>');
-         expect(using('#html-filter').binding('snippet')).toBe('new <b>text</b>');
-         expect(using('#escaped-html').element('div').html()).toBe("new &lt;b&gt;text&lt;/b&gt;");
-         expect(using('#html-unsafe-filter').binding("snippet")).toBe('new <b>text</b>');
+         input('snippet').enter('new <b onclick="alert(1)">text</b>');
+         expect(using('#bind-html-with-sanitize').element('div').html()).toBe('new <b>text</b>');
+         expect(using('#bind-html-with-trust').element('div').html()).toBe('new <b onclick="alert(1)">text</b>');
+         expect(using('#bind-default').element('div').html()).toBe("new &lt;b onclick=\"alert(1)\"&gt;text&lt;/b&gt;");
        });
      </doc:scenario>
    </doc:example>
@@ -129,7 +141,7 @@ var START_TAG_REGEXP = /^<\s*([\w:-]+)((?:\s+[\w:-]+(?:\s*=\s*(?:(?:"[^"]*")|(?:
   BEGING_END_TAGE_REGEXP = /^<\s*\//,
   COMMENT_REGEXP = /<!--(.*?)-->/g,
   CDATA_REGEXP = /<!\[CDATA\[(.*?)]]>/g,
-  URI_REGEXP = /^((ftp|https?):\/\/|mailto:|tel:|#)/,
+  URI_REGEXP = /^((ftp|https?):\/\/|mailto:|tel:|#)/i,
   NON_ALPHANUMERIC_REGEXP = /([^\#-~| |!])/g; // Match everything outside of normal chars and " (quote character)
 
 
@@ -256,7 +268,7 @@ function htmlParser( html, handler ) {
     }
 
     if ( html == last ) {
-      throw "Parse Error: " + html;
+      throw $sanitizeMinErr('badparse', "The sanitizer was unable to parse the following block of html: {0}", html);
     }
     last = html;
   }
@@ -283,10 +295,10 @@ function htmlParser( html, handler ) {
 
     var attrs = {};
 
-    rest.replace(ATTR_REGEXP, function(match, name, doubleQuotedValue, singleQoutedValue, unqoutedValue) {
+    rest.replace(ATTR_REGEXP, function(match, name, doubleQuotedValue, singleQuotedValue, unquotedValue) {
       var value = doubleQuotedValue
-        || singleQoutedValue
-        || unqoutedValue
+        || singleQuotedValue
+        || unquotedValue
         || '';
 
       attrs[name] = decodeEntities(value);
@@ -400,29 +412,6 @@ function htmlSanitizeWriter(buf){
 // define ngSanitize module and register $sanitize service
 angular.module('ngSanitize', []).value('$sanitize', $sanitize);
 
-/**
- * @ngdoc directive
- * @name ngSanitize.directive:ngBindHtml
- *
- * @description
- * Creates a binding that will sanitize the result of evaluating the `expression` with the
- * {@link ngSanitize.$sanitize $sanitize} service and innerHTML the result into the current element.
- *
- * See {@link ngSanitize.$sanitize $sanitize} docs for examples.
- *
- * @element ANY
- * @param {expression} ngBindHtml {@link guide/expression Expression} to evaluate.
- */
-angular.module('ngSanitize').directive('ngBindHtml', ['$sanitize', function($sanitize) {
-  return function(scope, element, attr) {
-    element.addClass('ng-binding').data('$binding', attr.ngBindHtml);
-    scope.$watch(attr.ngBindHtml, function ngBindHtmlWatchAction(value) {
-      value = $sanitize(value);
-      element.html(value || '');
-    });
-  };
-}]);
-
 /**
  * @ngdoc filter
  * @name ngSanitize.filter:linky
@@ -432,6 +421,8 @@ angular.module('ngSanitize').directive('ngBindHtml', ['$sanitize', function($san
  * Finds links in text input and turns them into html links. Supports http/https/ftp/mailto and
  * plain email address links.
  *
+ * Requires the {@link ngSanitize `ngSanitize`} module to be installed.
+ *
  * @param {string} text Input text.
  * @param {string} target Window (_blank|_self|_parent|_top) or named frame to open links in.
  * @returns {string} Html-linkified text.