The bsTrustHtml pipe marks a string as trusted HTML so Angular will render it via [innerHTML] without sanitization stripping out the markup. Only use on content you control.
bsTrustHtml
[innerHTML]