Don't call escapeMarkup on the result of formatSelection and formatResult.
Instead, modify the default formatSeleciton and formatResult to escape their text inputs.
That is: if the point of formatSelection and formatResult is to take in text and return HTML,
they should properly escape their text.
This modification makes the escapeMarkup function more robust (actually escapes HTML, not just &) which makes
it work for remote data (which it didn't before because it would have allowed through < and > characters).