fix($compile) empty href should pass sanitation check #2593
Can you provide a unit test for this? |
I have attempted to create a unit test for this problem. Unfortunately it is very difficult to reproduce. The problem is in the following code from $compile:

```js
// sanitize a[href] values
if (nodeName_(this.$$element[0]) === 'A' && key === 'href') {
  urlSanitizationNode.setAttribute('href', value);
  // href property always returns normalized absolute url, so we can match against that
  normalizedVal = urlSanitizationNode.href;
  if (!normalizedVal.match(urlSanitizationWhitelist)) {
    this[key] = value = 'unsafe:' + normalizedVal;
  }
}
```

Under NORMAL circumstances, the urlSanitizationNode.href returns a normalized absolute URL - including the problematic case, where the href is set to the empty string. However, under certain circumstances, which I don't fully understand, IE7 and IE8 return an empty String. I cannot seem to reproduce this in a simple test case, and in my application the error is also not 100% reproducible - sometimes it happens, sometimes it does not. |
The htmlAnchorDirective sets an empty href attribute on <a> tags. This should pass sanitation check in $compile. Closes #2219
Any updates to this? I'm still receiving "unsafe:" links on IE7 using ng-href. |
No updates that I know of, I do not think the angular devs will accept a bugfix without a test to reproduce the bug - which unfortunately is very difficult in this case. Have you been able to reproduce the bug in a small example? |
http://run.plnkr.co/BEpuj4YKdnSjbroM/ Try this out. It's been occurring precisely for me using routeProvider. |
I get a 404 when loading the plunk for some reason. I am sure it was available yesterday. Could you please upload it again? |
Sorry about that. Try this: http://run.plnkr.co/plunks/ImUdcyAWAHr63oWVbgxt/ And if not that, here's the plunkr directly: http://plnkr.co/ImUdcyAWAHr63oWVbgxt |
To get around this, you can add a non-empty name attribute: `<a href="" name="ie7Sucks" ng-click="[exp]">Click</a>` |
Sometimes IE returns an empty string for its normalized href on a tags. This should pass the sanitation check in $compile. Closes angular#2219, angular#2593
The htmlAnchorDirective sets an empty href attribute on <a> tags.
This should pass sanitation check in $compile.
Closes #2219
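
The check quoted in this thread, next to a guard that lets an empty normalized href through as the later commit message describes, as an added JavaScript example (not AngularJS source and not code from any participant). The whitelist regex is assumed to match the AngularJS 1.x default, `PAGE_URL` is constructed, and the two normalizer functions are hypothetical stand-ins for `urlSanitizationNode.href`, one simulating the reported IE7/IE8 empty-string result.

```javascript
// Added illustration, not AngularJS source. The whitelist is assumed to match
// the AngularJS 1.x default for a[href]; the normalizers stand in for anchor.href.
const urlSanitizationWhitelist = /^\s*(https?|ftp|mailto|file):/;
const PAGE_URL = 'http://app.example/index.html'; // constructed base URL

// What urlSanitizationNode.href normally yields: an absolute URL.
function normalNormalizer(value) {
  try {
    return new URL(value, PAGE_URL).href;
  } catch (e) {
    return value; // unparsable input is returned as-is and fails the whitelist
  }
}

// Simulates the intermittent IE7/IE8 behaviour reported in the thread:
// an empty href sometimes normalizes to '' instead of the page URL.
function quirkyNormalizer(value) {
  return value === '' ? '' : normalNormalizer(value);
}

// The check as quoted in the thread.
function sanitizeBefore(value, normalize) {
  const normalizedVal = normalize(value);
  if (!normalizedVal.match(urlSanitizationWhitelist)) {
    return 'unsafe:' + normalizedVal;
  }
  return value;
}

// Same check, except that an empty normalized value is let through.
function sanitizeAfter(value, normalize) {
  const normalizedVal = normalize(value);
  if (normalizedVal !== '' && !normalizedVal.match(urlSanitizationWhitelist)) {
    return 'unsafe:' + normalizedVal;
  }
  return value;
}

// Constructed sample hrefs, run through both checks under the simulated quirk.
for (const href of ['', '#/home', 'javascript:alert(1)']) {
  console.log(JSON.stringify(href), '->',
    JSON.stringify(sanitizeBefore(href, quirkyNormalizer)), '|',
    JSON.stringify(sanitizeAfter(href, quirkyNormalizer)));
}
```

The guard exempts only an empty normalized value, so a non-empty href outside the whitelist is still prefixed with `unsafe:` in both versions.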