refer :
https://www.intricatecloud.io/2019/10/using-angular-innerhtml-to-display-user-generated-content-without-sacrificing-security/
https://github.com/cure53/DOMPurify
ng 默认情况下是会替我们消毒的. 但是它没有 config 让我们调.
如果你希望 config 可以调的话,就 bypass ng 的, 然后用一个 plugin 来替代就 ok 了.