feat(ng_bind_html): Configurable sanitizer via injectable NodeValidator.

[bgourlie]

No description provided.

[chirayuk]

I agree that ng_bind_html should use a configurable NodeValidator.  However, putting it as the default NodeValidator for the entire app (i.e. not just for use by ng_bind_html) implies that the only possible use for a NodeValidator is to sanitize for ng_bind_html.  In AngularJS, we use the $sanitize service to sanitize the html.  We don't have such a service here. Adding such a service would mean that you could replace the $sanitize service with one of your choice giving you the same functionality provided by this PR but without installing it as a dom.NodeValidator (which doesn't convey the intent/purpose.)

[bgourlie]

I appreciate the feedback Chirayu! I'll look into implementing something similar to angularjs.

[bgourlie]

@chirayuk So I looked into this and I don't think it's (reasonably) possible to implement a $sanitize service similar to angularjs. In dart, Element.innerHtml and Element.setInnerHtml are always sanitized and the only way to override default sanitization is to pass a custom dom.NodeValidator to it. In order for this to work similarly to angularjs, we'd have to create a dom.NodeValidator that does no sanitization, and then reimplement sanitization entirely, which would be far from ideal.

In order for this to work nicely, the $sanitize service would hold the reference to the dom.NodeValidator and would be responsible for setting the innerHtml of the element. Any thoughts on how to do this or alternative ideas?

[mhevery]

Resurrecting, as I think it is reasonable approach.