Test failure on Chrome 62

[Narretz]

Chrome 62.0.3202 (Windows 10 0.0.0) HTML should prevent mXSS attacks FAILED

       Expected '<a href="&#12288;javascript:alert(1)">CLICKME</a>' to be '<a>CLICKME</a>'.

           at Object.<anonymous> (test/ngSanitize/sanitizeSpec.js:242:71)
```

[petebacondarwin]

This isn't picked up by Travis CI because SauceLabs does not currently offer Chrome v62

[Narretz]

I think I remember why I didn't mark this as security: the string is not actually executed as javascript because of the leading IDEOGRAPHIC SPACE (　).
So I'm not actually sure what this is testing. Also note that this test runs only in Chrome. Maybe C62 is now aligned with other browsers and doesn't need special treatment? The commit is unfortunately very light on this mxss stuff.

[petebacondarwin]

Created a fix here: #16311
It won't be tested via Travis (and SauceLabs) though, sadly.

[mgol]

The fact that those tests are run in Chrome only means we wouldn't catch similar regressions in other browsers, that sounds bad. Can we enable them everywhere?

[petebacondarwin]

I have enabled that test across the board now.