I recently upgraded from AngularJS 1.2.0rc2 to 1.2.3. I now have this issue where getTrustedHtml returns the input value twice: a doubly-escaped version concatenated with a properly unescaped version of the input.

For example:

$sce.getTrustedHtml('Andrew's string.');

returns:

"Andrew's string.Andrew's string."

Input values without HTML entities appear to be simply duplicated in the output.

Strangely, I only see this behavior when inside my Cordova/PhoneGap application when running inside the iOS simulator. It does not appear to happen on Chrome, Firefox, IE, or Safari on a Windows desktop, nor on Chrome on OSX. I do not yet have a developer license to test on a real device.

Additionally, this affects all my ng-bind-html bindings as I assume they are using getTrustedHtml behind the scenes.

I see no errors being thrown in the console.