fix(service): avoid sanitizing of functions

Fixes #1529

src/service/sanitization.js

@@ -253,6 +253,12 @@ function $translateSanitizationProvider () {
 
       stack.push(value);
       angular.forEach(value, function (propertyValue, propertyKey) {
+
+        /* Skipping function properties. */
+        if (angular.isFunction(propertyValue)) {
+          return;
+        }
+
         result[propertyKey] = mapInterpolationParameters(propertyValue, iteratee, stack);
       });
       stack.splice(-1, 1); // remove last

test/unit/service/sanitization.spec.js

@@ -125,6 +125,32 @@ describe('pascalprecht.translate', function () {
           expectedText = text;
           expect($translateSanitization.sanitize(text, 'text')).toEqual(expectedText);
         });
+
+        it('should not escape functions', function () {
+
+          var sanitizedUser;
+          var user = {
+            firstName: '<b>Foo</b>',
+            save: angular.noop
+          };
+
+          var spyAngularElementReturnValue = jasmine.createSpyObj('angularElement', ['html', 'off', 'text', 'data']);
+
+          spyOn(angular, 'element').and.returnValue(spyAngularElementReturnValue);
+
+          /* Sanitized user should not have a save property. */
+
+          sanitizedUser = $translateSanitization.sanitize({user: user}, 'params').user;
+
+          expect('firstName' in sanitizedUser).toEqual(true);
+          expect('save' in sanitizedUser).toEqual(false);
+
+          /* `user.save` should not be called. */
+          expect(spyAngularElementReturnValue.text.calls.count()).toEqual(1);
+          expect(spyAngularElementReturnValue.text.calls.argsFor(0)).toEqual(['<b>Foo</b>']);
+
+        });
+
       });
 
       describe('with the (legacy, deprecated) escaped strategy', function () {