fix(linky): encode double quotes when serializing email addresses

Email addresses can (under certain restrictions) include double quote
characters. See http://tools.ietf.org/html/rfc3696#section-3.

For example, `"Jo Bloggs"@abc.com` is a valid email address.

When serializing emails to the `href` attribute of an anchor element,
we must HTML encode these double quote characters. See
http://www.w3.org/TR/html-markup/syntax.html#syntax-attr-double-quoted

This commit does not attempt to improve the functionality (i.e. regex)
that attempts to identify email addresses in a general string.

Closes #8945
Closes #8964
Closes #5946
Closes #10090
Closes #9256

Author: lgalfaso

src/ngSanitize/filter/linky.js

@@ -141,9 +141,9 @@ angular.module('ngSanitize').filter('linky', ['$sanitize', function($sanitize) {
         html.push(target);
         html.push('" ');
       }
-      html.push('href="');
-      html.push(url);
-      html.push('">');
+      html.push('href="',
+                url.replace('"', '"'),
+                '">');
       addText(text);
       html.push('</a>');
     }

test/ngSanitize/filter/linkySpec.js

@@ -29,6 +29,10 @@ describe('linky', function() {
       toEqual('my email is &#34;<a href="mailto:me@example.com">me@example.com</a>&#34;');
   });
 
+  it('should handle quotes in the email', function() {
+    expect(linky('foo@"bar.com')).toEqual('<a href="mailto:foo@&#34;bar.com">foo@&#34;bar.com</a>');
+  });
+
   it('should handle target:', function() {
     expect(linky("http://example.com", "_blank")).
       toEqual('<a target="_blank" href="http://example.com">http://example.com</a>');