为什么 angular 的 $sanitize 不允许输入和按钮元素?

Why doesn't angular's $sanitize allow input and button elemnts?

我有一个关于 angular-sanitize($sanitize)[1] 的问题。 为什么它不允许输入和按钮元素?

示例代码:

$sanitize('<input/>') // ""
$sanitize('<button>A</button>') // ""

我查看了代码,发现存在硬编码的有效元素 [2]。我的问题更多关于 "Why they treat them as harmful elements"

谢谢!

[1] - https://github.com/angular/angular.js/blob/0822d34b10ea0371c260c80a1486a4d508ea5a91/src/ngSanitize/sanitize.js#L1 [2] - https://github.com/angular/angular.js/blob/0822d34b10ea0371c260c80a1486a4d508ea5a91/src/ngSanitize/sanitize.js#L265-L269

好的,看来我找到了问题的部分答案 - https://github.com/angular/angular.js/issues/5900