🐛 Koenig - Fixed pasting of plain text

refs TryGhost/Ghost#9724
- `formatMarkdown` was previously changed to return a SafeString but that meant any direct usage of the helper had to account for not dealing with a basic String type
- changed `formatMarkdown` to return a basic String
- modified helper usage of `{{sanitize-html}}` to use triple-curlies

Author: kevinansfield

lib/koenig-editor/addon/helpers/sanitize-html.js

@@ -19,9 +19,7 @@ export function sanitizeHtml(params, options = {}) {
     }
 
     // sanitize html
-    html = html_sanitize(html, cajaSanitizers.url, cajaSanitizers.id);
-
-    return htmlSafe(html);
+    return html_sanitize(html, cajaSanitizers.url, cajaSanitizers.id);
 }
 
 export default helper(sanitizeHtml);

lib/koenig-editor/addon/templates/components/koenig-card-html.hbs

@@ -19,7 +19,7 @@
             update=(action "updateHtml")
         }}
     {{else}}
-        <div class="koenig-card-html-rendered">{{sanitize-html payload.html}}</div>
+        <div class="koenig-card-html-rendered">{{{sanitize-html payload.html}}}</div>
         <div class="koenig-card-click-overlay"></div>
     {{/if}}
 {{/koenig-card}}

tests/integration/helpers/sanitize-html-test.js

@@ -11,15 +11,15 @@ describe('Integration: Helper: sanitize-html', function () {
     it('renders html', function () {
         this.set('inputValue', '<strong>bold</strong>');
 
-        this.render(hbs`{{sanitize-html inputValue}}`);
+        this.render(hbs`{{{sanitize-html inputValue}}}`);
 
         expect(this.$().html().trim()).to.equal('<strong>bold</strong>');
     });
 
     it('replaces scripts', function () {
         this.set('inputValue', '<script></script>');
 
-        this.render(hbs`{{sanitize-html inputValue}}`);
+        this.render(hbs`{{{sanitize-html inputValue}}}`);
 
         expect(this.$().html().trim()).to.equal('<pre class="js-embed-placeholder">Embedded JavaScript</pre>');
     });