Angular 1.2 decodes URL, how to prevent it?

[Láďa Říha]

Hi, I'm trying to migrate my Angular 1.0.8 application to 1.2.x and got stuck with this issue.

I have following routing:

 $routeProvider.when('/title/:simpleName/:simpleVersion', {templateUrl: 'partials/public/view/spec.html', controller: SpecificationCtrl});

 $routeProvider.when('/title/:simpleName', {redirectTo: '/title/:simpleName/latest'});

And in one of my directives, I'm creating anchors like this:

link: function(scope, elem, attr) {

   elem.html('<a href="#/title/' + encodeURIComponent(encodeURIComponent(simpleName)) + '/">...</a>')

}

where simpleName can be some string like x/y++_test.

In Angular 1.0.8, if user clicks on such link, browser contains following URL:

.../title/x%252Fy%252B%252B_test

and everything works fine. But with Angular 1.2, browser for a second contains again the escaped form and then URL in browser changes to

.../title/x/y++_test

which is problem as it may not match my routing rules and routing parameters. When this change happens, according to Chrome Dev Tools, the page as such is not reloaded and controllers are created just once when the totally decoded URL is displayed. Is there some new change that causes? How could I make it working the same way as in 1.0.8 ? I've searched Angular's changelog but haven't found any mention of url decoding. More interesting, I encoded the string twice and yet it is fully decoded

Here are 2 plunkers that demonstrate the difference. Simply click on "here" link and see the printed URL:

• Sample with Angular 1.0.8
  
• Sample with Angular 1.2.13
  

[Sander Elias]

Hi Láďa,

This has changed. Security in angular has tightened up. In my book, that's a good thing. However, for constructs like your some extra work is required.

have a look at  at this in the manual. It explains all you need for this.

If you still have issues, don't hesitate to ask, and me (or somebody else) will help you.

Regards

Sander

[Láďa Říha]

Thank you for reply. I don't think this is related to $sce though. The plunk could be a bit misleading, but imagine that the controller instead of $scope.here... would call alert(window.location.href) which is not related to any data binding. With Angular 1.2, it alerts decoded URL which in my application does not match my routing rules... Just to be sure, I've tried to disable $sce and it behaved same as before.

Lada

--
S pozdravem, Láďa Říha

--
You received this message because you are subscribed to a topic in the Google Groups "AngularJS" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/angular/M1ipY1QOusw/unsubscribe.
To unsubscribe from this group and all its topics, send an email to angular+u...@googlegroups.com.
To post to this group, send email to ang...@googlegroups.com.
Visit this group at http://groups.google.com/group/angular.
For more options, visit https://groups.google.com/groups/opt_out.