Why doesn't angular's $sanitize allow input and button elemnts?

Question

I have a question about angular-sanitize($sanitize)[1]. Why doesn't it allow input and button elements?

Example code:

$sanitize('<input/>') // ""
$sanitize('<button>A</button>') // ""

I have looked at the code and saw that there are hard-coded valid elements [2]. My question more about "Why they treat them as harmful elements"

Thanks!

score 0 · Accepted Answer · answered Nov 08 '17 at 23:22

0

Ok, looks like I have found the partial answer to my question - https://github.com/angular/angular.js/issues/5900

answered Nov 08 '17 at 23:22

maksimr

1 Answers1