Okay in my directive I'm inserting some html that contains an ng-click, and because Angular doesn't trust me I need to run it through $sce.trustAsHtml:

(randomvalue is just a randomized token generated on the fly)

$scope.trustedHtml = $sce.trustAsHtml("<span ng-click=\"myfunction(\'" + randomvalue + "\')\">Click Me!</span>"); $('#myelement').append($compile($('<span ng-bind-html="trustedHtml"></span>'))($scope)); $scope.apply();

The problem with that is every time the function is called $scope.trustedHtml changes the 'randomvalue' for all of the elements on the page when $apply is used. Meaning all the ng-clicks will change to "ng-click="myfunction('these are now all identical tokens!')""

But using "var trustedHtml" instead of $scope for some reason causes Sanitize to add double quotes to the ng-click expression at the first empty space, and will add an extra space and then a doublequote if I replace all spaces with html characters.

So how am I supposed to insert multiple ng-clicks with different variables? Is there a way to "un-scope" $scope.trustedHtml after it's applied? Or is there a way to stop Sanitize from wrecking my html with extra double quotes?