What makes you think that? I just skimmed the draft and it seems to use a sensible whitelist as default. Developers can allow or deny additional elements/attributes as they like.
What? Whitelisting is one technique which you can use in sanitizing content generated from unknown sources. If you need to generate such content then it's probably a special feature of your software and no smell.
Apart from performance this smells of not using a whitelist mechanism (I hope this is not the case).