I don't know the details, but I believe sanitize uses of innerHTML to avoid some common security vulnerabilities. More details here: https://groups.google.com/a/dartlang.org/forum/#!topic/misc/...