From 2bc5fde8e609f2c6978973e38b8b4ae95035f579 Mon Sep 17 00:00:00 2001
From: Lucas Mirelmann <lgalfaso@gmail.com>
Date: Fri, 22 Jan 2016 21:04:40 +0100
Subject: [PATCH] fix(ngSanitize): Blacklist the attribute `usemap`

Given that the attribute `name` is blacklisted, the attribute `usemap` should be
blacklisted too.
---
 src/ngSanitize/sanitize.js      | 2 +-
 test/ngSanitize/sanitizeSpec.js | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/ngSanitize/sanitize.js b/src/ngSanitize/sanitize.js
index aed08d101406..9cf9aca3f61d 100644
--- a/src/ngSanitize/sanitize.js
+++ b/src/ngSanitize/sanitize.js
@@ -254,7 +254,7 @@ var validElements = angular.extend({},
                                    optionalEndTagElements);
 
 //Attributes that have href and hence need to be sanitized
-var uriAttrs = toMap("background,cite,href,longdesc,src,usemap,xlink:href");
+var uriAttrs = toMap("background,cite,href,longdesc,src,xlink:href");
 
 var htmlAttrs = toMap('abbr,align,alt,axis,bgcolor,border,cellpadding,cellspacing,class,clear,' +
     'color,cols,colspan,compact,coords,dir,face,headers,height,hreflang,hspace,' +
diff --git a/test/ngSanitize/sanitizeSpec.js b/test/ngSanitize/sanitizeSpec.js
index 6455ba94d6ee..1ff1a579829f 100644
--- a/test/ngSanitize/sanitizeSpec.js
+++ b/test/ngSanitize/sanitizeSpec.js
@@ -153,6 +153,7 @@ describe('HTML', function() {
 
   it('should remove unsafe value', function() {
     expectHTML('<a href="javascript:alert()">').toEqual('<a></a>');
+    expectHTML('<img src="foo.gif" usemap="#foomap">').toEqual('<img src="foo.gif">');
   });
 
   it('should handle self closed elements', function() {