<div [innerHTML]="html"></div> isn't working when the html contains an Iframe. I've tried to do some security bypass with this.sanitizer.bypassSecurityTrustResourceUrl(..., but it still doesn't work.

Here's the demo with angular2 not injecting correctly.

Working PLUNKER

You need to use bypassSecurityTrustHtml for that, and need to assign and use the sanitized html like this

this.html = this.sanitizer.bypassSecurityTrustHtml(this.html);