use $templateRequest from AngularJS

- modified `$templateFactory` to use `$templateRequest` provider of
AngularJs in case it is avalable
- removed the test case which enforces the setting of request header
`Accept: text/html`

(cherry picked from commit 9a1af98)

Author: christopherthielen

src/services.ts

@@ -71,14 +71,9 @@ function $uiRouter($locationProvider: ILocationProvider) {
   router['$get'] = $get;
   $get.$inject = ['$location', '$browser', '$sniffer', '$rootScope', '$http', '$templateCache'];
   function $get($location: ILocationService, $browser: any, $sniffer: any, $rootScope: ng.IScope, $http: IHttpService, $templateCache: ITemplateCacheService) {
+    ng1LocationService._runtimeServices($rootScope, $location, $sniffer, $browser);
     delete router['router'];
     delete router['$get'];
-
-    services.template.get = (url: string) =>
-        $http.get(url, { cache: $templateCache, headers: { Accept: 'text/html' }}).then(prop("data")) as any;
-
-    ng1LocationService._runtimeServices($rootScope, $location, $sniffer, $browser);
-
     return router;
   }
   return router;

src/templateFactory.ts

@@ -4,14 +4,23 @@ import { ng as angular } from "./angular";
 import { IAugmentedJQuery } from "angular";
 import {
   isArray, isDefined, isFunction, isObject, services, Obj, IInjectable, tail, kebobString, unnestR, ResolveContext,
-  Resolvable, RawParams, identity
+  Resolvable, RawParams, prop
 } from "ui-router-core";
 import { Ng1ViewDeclaration } from "./interface";
 
+const service = (token) => {
+  const $injector = services.$injector;
+  return $injector.has ? ($injector.has(token) && $injector.get(token)) : $injector.get(token);
+};
+
 /**
  * Service which manages loading of templates from a ViewConfig.
  */
 export class TemplateFactory {
+  private $templateRequest = service('$templateRequest');
+  private $templateCache = service('$templateCache');
+  private $http = service('$http');
+
   /**
    * Creates a template from a configuration object.
    *
@@ -66,7 +75,13 @@ export class TemplateFactory {
   fromUrl(url: (string|Function), params: any) {
     if (isFunction(url)) url = (<any> url)(params);
     if (url == null) return null;
-    return services.template.get(<string> url);
+
+    if(this.$templateRequest) {
+      return this.$templateRequest(url);
+    }
+
+    return this.$http.get(url, { cache: this.$templateCache, headers: { Accept: 'text/html' }})
+        .then(function(response) { return response.data; });
   };
 
   /**

test/templateFactorySpec.js

@@ -0,0 +1,63 @@
+import * as angular from "angular";
+
+declare let inject;
+
+let module = angular['mock'].module;
+
+describe('templateFactory', function () {
+
+  beforeEach(module('ui.router'));
+
+  it('exists', inject(function ($templateFactory) {
+    expect($templateFactory).toBeDefined();
+  }));
+
+  if (angular.version.major >= 1 && angular.version.minor >= 3) {
+    // Post 1.2, there is a $templateRequest and a $sce service
+    describe('should follow $sce policy and', function() {
+      it('accepts relative URLs', inject(function($templateFactory, $httpBackend, $sce) {
+        $httpBackend.expectGET('views/view.html').respond(200, 'template!');
+        $templateFactory.fromUrl('views/view.html');
+        $httpBackend.flush();
+      }));
+
+      it('rejects untrusted URLs',
+          inject(function($templateFactory, $httpBackend, $sce) {
+            let error = 'No error thrown';
+            try {
+              $templateFactory.fromUrl('http://evil.com/views/view.html');
+            } catch (e) {
+              error = e.message;
+            }
+            expect(error).toMatch(/sce:insecurl/);
+          }));
+
+      it('accepts explicitly trusted URLs',
+          inject(function($templateFactory, $httpBackend, $sce) {
+            $httpBackend.expectGET('http://evil.com/views/view.html').respond(200, 'template!');
+            $templateFactory.fromUrl(
+                $sce.trustAsResourceUrl('http://evil.com/views/view.html'));
+            $httpBackend.flush();
+          }));
+    });
+  } else {  // 1.2 and before will use directly $http
+    it('does not restrict URL loading', inject(function($templateFactory, $httpBackend) {
+      $httpBackend.expectGET('http://evil.com/views/view.html').respond(200,  'template!');
+      $templateFactory.fromUrl('http://evil.com/views/view.html');
+      $httpBackend.flush();
+
+      $httpBackend.expectGET('data:text/html,foo').respond(200,  'template!');
+      $templateFactory.fromUrl('data:text/html,foo');
+      $httpBackend.flush();
+    }));
+
+    // Behavior not kept in >1.2 with $templateRequest
+    it('should request templates as text/html', inject(function($templateFactory, $httpBackend) {
+      $httpBackend.expectGET('views/view.html', function(headers) {
+        return headers.Accept === 'text/html';
+      }).respond(200);
+      $templateFactory.fromUrl('views/view.html');
+      $httpBackend.flush();
+    }));
+  }
+});