Markdown preview: move inline Markdown source to DOM element to properly escape
Markdown preview: HTML-escape inline Markdown source and move to (hidden) DOM element to properly encapsulate.
This should properly fix #1244 (closed).
219fb9d1 addresses Markdown source encapsulation within JS, but fails to account for the JS being embedded in HTML (so for example </script>
in the Markdown source breaks rendering since it is not escaped WRT the HTML document).
Additionally formatting was changed to the more idiomatic str.format()
.
The following very much non-exhaustive Markdown document was used to trivially test against the problems raised in that issue, as well as the </script>
case:
```
"
```
```
\"
```
```
<>
```
```
foo \
bar
```
```
</script>
```
</script>
foo