I've put a JSfiddle here so you can see code that is actually working...
Unfortunately this does not work on my local machine even though everything else does (I have other angular code running fine).
On my local machine I only see my html in the output if i use..
ng-bind-html-unsafe="message.content"
instead of...
ng-bind-html="message.content"
So, on JSfiddle it works when I leave the "unsafe" off, but on my local machine the unsafe has to be there, which seems undesirable from a security point of view.
I am loading the same version of Angular and sanitize, in the same order and my code I think is identical, only the environment seems to be different.
Any ideas?
You need to add your module to ng-app:
<html ng-app='myApp'>
...
If you don't specify this, angular will only load module 'ng', not ng-sanitize. ng-bind-unsafe is in module ng, not ng-sanitize, which is why this accidently worked.
Apparently in new version of AngularJS 1.2+ they change it, since then you have to use trustAsHtml() method to disable Html escaping.