Add support for whitelisting HTML automatically via trusted config option

Note that the HTML is not whitelisted by default. The user must explicitly set `trusted` to be `true` in the options configuration.

Closes #97

Author: wesleycho

demo/demo.html

@@ -15,6 +15,6 @@
   <form method="post">
     <textarea id="tinymce" ui-tinymce ng-model="tinymce"></textarea>
   </form>
-  <div>{{tinymce}}</div>
+  <div ng-bind-html="tinymce"></div>
 </body>
 </html>

src/tinymce.js

@@ -3,7 +3,7 @@
  */
 angular.module('ui.tinymce', [])
   .value('uiTinymceConfig', {})
-  .directive('uiTinymce', ['$rootScope', '$compile', '$timeout', '$window', 'uiTinymceConfig', function($rootScope, $compile, $timeout, $window, uiTinymceConfig) {
+  .directive('uiTinymce', ['$rootScope', '$compile', '$timeout', '$window', '$sce', 'uiTinymceConfig', function($rootScope, $compile, $timeout, $window, $sce, uiTinymceConfig) {
     uiTinymceConfig = uiTinymceConfig || {};
     var generatedIds = 0;
     var ID_ATTR = 'ui-tinymce';
@@ -19,7 +19,12 @@ angular.module('ui.tinymce', [])
 
         var expression, options, tinyInstance,
           updateView = function(editor) {
-            ngModel.$setViewValue(editor.getContent({format: options.format}).trim());
+            var content = editor.getContent({format: options.format}).trim();
+            if (options.trusted) {
+              content = $sce.trustAsHtml(content);
+            }
+
+            ngModel.$setViewValue(content);
             if (!$rootScope.$$phase) {
               scope.$apply();
             }