diff --git a/src/ng/sanitizeUri.js b/src/ng/sanitizeUri.js
index d1416839549c..faceda8f56de 100644
--- a/src/ng/sanitizeUri.js
+++ b/src/ng/sanitizeUri.js
@@ -6,7 +6,7 @@
  */
 function $$SanitizeUriProvider() {
   var aHrefSanitizationWhitelist = /^\s*(https?|ftp|mailto|tel|file):/,
-      imgSrcSanitizationWhitelist = /^\s*(https?|ftp|file|blob):|data:image\//;
+      imgSrcSanitizationWhitelist = /^\s*((https?|ftp|file|blob):|data:image\/)/;
 
   /**
    * @description
diff --git a/test/ng/sanitizeUriSpec.js b/test/ng/sanitizeUriSpec.js
index d1331b0944b2..c36ec48a2535 100644
--- a/test/ng/sanitizeUriSpec.js
+++ b/test/ng/sanitizeUriSpec.js
@@ -30,6 +30,11 @@ describe('sanitizeUri', function() {
       expect(sanitizeImg(testUrl)).toBe('unsafe:javascript:doEvilStuff()');
     });
 
+    it('should sanitize javascript: urls with comments', function() {
+      testUrl = "javascript:alert(1)//data:image/";
+      expect(sanitizeImg(testUrl)).toBe('unsafe:javascript:alert(1)//data:image/');
+    });
+
     it('should sanitize non-image data: urls', function() {
       testUrl = "data:application/javascript;charset=US-ASCII,alert('evil!');";
       expect(sanitizeImg(testUrl)).toBe("unsafe:data:application/javascript;charset=US-ASCII,alert('evil!');");
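Review bot: The corrected `imgSrcSanitizationWhitelist` carries no comment recording why the whole alternation now sits inside one group, and the removed line shows how easily that anchor is lost when a branch is appended after a top-level `|`. A comment on the line before it, such as `// Keep every alternative inside the group so ^\s* anchors all of them; an unanchored branch (data:image\/ before this fix) matches that substring anywhere in the uri.`, would protect the next edit of this list. The same structural rule applies to `aHrefSanitizationWhitelist` on the line above, whose single group is already anchored. How the whitelist is matched against the uri is outside the hunk, so whether the comparison sees a normalized scheme cannot be confirmed here.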
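Review bot: The new `it` block pins only the comment form of the bypass, while the defect it guards against was the unanchored `data:image\/` branch matching that substring at any position, with or without a `//`. A second input that has no comment, e.g. `testUrl = "javascript:alert('data:image/')";` with the corresponding `unsafe:` expectation, would test the anchoring itself rather than one shape of the payload. The `describe` block enclosing these cases starts outside the hunk.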