The task is to output the row using ng-bind-html tags br, img, a, and all the rest of escapeth, for example .
And yet, if the output img onload=somefunc (), you can do xss attack in this way ? Do you want to display the img tag only for emoji
Found the solution but only the br tag
https://toster.ru/q/177959/