Because we don’t have to understand HTML to make markdown safe - apart from inline HTML, there are only a very small number of entry points for injected code.
Yes, and that’s a good thing, don’t get me wrong, but because it is so difficult, even well tested and well maintained libraries are bound to have bugs. That’s fine if you have no option but to use them, but I think we have an easy option not to - at least for sites that aren’t concerned about supporting inline HTML or esoteric links.
This is the crucial issue - if it’s hard then my proposal is pointless and we might as well just advise on post processing sanitization as we do, however my take-away from your earlier comment is that links could be sanitized easily by walking the AST prior to rendering - in which case it should be relatively easy to add a third parse (or additional stage to link/image parsing) which does the same? Please forgive me if I’m misunderstanding how parsing works here.