$sce.trustAsHtml() rejects data-* attributes

[mondalaci]

Apparently, $sce.trustAsHtml() rejects the HTML data-* attributes that are present in the HTML string to be used. Correct me if I'm wrong but I think that data-* attributes are legit and this is a buggy behavior.

Angular 1.3.5

[pkozlowski-opensource]

@mondalaci hmm, true, I can't find any test that would specifically prohibit / allow data- attributes. I can't think if a security issue that it would cause ATM but I guess it needs some investigation. But yeh, this is a valid issue.