From: Alister Stevens <alister@pebblepad.co.uk>
Date: Wed, 18 Sep 2024 16:10:46 +0100
Subject: CVE-2024-8373

origin: backport, https://github.com/PebblePad/angular.js/commit/7cb36590cdfb23fc2106868b21eb7a78311eb36d
bug-cve: ttps://www.cve.org/CVERecord?id=CVE-2024-8373
---
 src/ng/compile.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/ng/compile.js b/src/ng/compile.js
index b90318f..8e7cf98 100644
--- a/src/ng/compile.js
+++ b/src/ng/compile.js
@@ -2235,7 +2235,7 @@ function $CompileProvider($provide, $$sanitizeUriProvider) {
         nodeName = nodeName_(this.$$element);
 
         // Sanitize img[srcset] values.
-        if (nodeName === 'img' && key === 'srcset') {
+        if ((nodeName === 'img' || nodeName === 'source') && key === 'srcset') {
           this[key] = value = sanitizeSrcset(value, '$set(\'srcset\', value)');
         }