
AngularJS + cross-site scripting prevention

Updated: 2022-04-16 05:06:11

Have a look here: http://docs.angularjs.org/api/ngSanitize/service/$sanitize

If you want to escape, use ng-bind; it'll render the tag without interpretation, like that:

Hello &lt;b&gt;World&lt;/b&gt; not like Hello World

Do you understand? So ng-bind is safe because it doesn't care about HTML tags.

If you want your HTML tags to be interpreted, but safely, just use ng-bind-html!

For example, if you want to display this string:

'Hello <b>World</b><input type="text" />'

The result will be: Hello World, but without the input, because the AngularJS compiler uses the $sanitize service and checks a whitelist of HTML elements, and an input is not authorized.

Maybe ng-bind-html is what you're looking for.

If you just want to be sure that the user can't put HTML tags in your input, just use the directive ng-pattern on your inputs!

http://docs.angularjs.org/api/ng/directive/input

It takes a regex for allowed characters in your input!

Hope it helps!
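As an added illustration of the three options in the answer above (this is not code from the answer and not AngularJS's own implementation), here is a simplified model in plain JavaScript: escaping as ng-bind effectively does, an allow-list sanitizer in the spirit of $sanitize, and an ng-pattern style regex check. The allow-list contents and the NO_MARKUP regex are assumptions chosen for the demonstration.

```javascript
// Added example: simplified model of ng-bind / ng-bind-html + $sanitize /
// ng-pattern behaviour. Not AngularJS's real implementation.
const ALLOWED_TAGS = new Set(["b", "i", "em", "strong", "p", "br"]); // assumed allow-list

// What ng-bind achieves: the value is written as text, so every tag
// character is shown literally and nothing is interpreted as markup.
function escapeHtml(input) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return input.replace(/[&<>"']/g, (c) => map[c]);
}

// In the spirit of $sanitize: keep only allow-listed tags, drop every
// attribute on the tags that are kept (so no event handlers survive) and
// escape all text between tags. Pre-existing entities in the text are
// escaped again; a real sanitizer decodes and re-encodes them.
function sanitizeHtml(input) {
  const tagRe = /<\/?([a-zA-Z][a-zA-Z0-9]*)\b[^>]*>/g;
  let out = "";
  let last = 0;
  let m;
  while ((m = tagRe.exec(input)) !== null) {
    out += escapeHtml(input.slice(last, m.index)); // text between tags
    const name = m[1].toLowerCase();
    if (ALLOWED_TAGS.has(name)) {
      out += m[0].startsWith("</") ? `</${name}>` : `<${name}>`; // attributes dropped
    }
    last = tagRe.lastIndex;
  }
  return out + escapeHtml(input.slice(last));
}

// ng-pattern style check: the field is valid only if the whole value
// matches the regex. NO_MARKUP (assumed) permits letters, digits and spaces,
// so angle brackets and quotes can never get in at all.
const NO_MARKUP = /^[A-Za-z0-9 ]*$/;
function matchesPattern(value, pattern = NO_MARKUP) {
  return pattern.test(value);
}

// The answer's own sample string.
const sample = 'Hello <b>World</b><input type="text" />';
console.log(escapeHtml(sample));     // ng-bind: tags shown literally
console.log(sanitizeHtml(sample));   // ng-bind-html: <b> kept, <input> dropped
console.log(matchesPattern(sample)); // ng-pattern: false, markup rejected
```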