I'm using ng-bind-html to sanitize HTML in a directive template:
<h2><a href="{{ post.url }}" ng-bind-html="post.title"></a></h2>
The compiled output is correct, with one exception, it's not sanitizing the HTML apostrophe which is being printed as â€tm. The page is encoded as charset='utf-8'.
ng-bind-html does a lot for your needs, but to go beyond the basic you should investigate the $sce service