🐛 [#4978] Fix accidental HTML escaping in summary PDF/confirmation email

While the component/formatter properly takes care of conditional
escaping by leveraging format_html and friends, the post-processor
was converting the SafeString into a regular string again by doing
string-interpolation for the file names, which leads to the full
result being HTML escaped again.

In HTML mode, the prefix 'attachment' is now dropped, as the markup and
context of the label/field should provide sufficient information and
the 'attachment:' prefix looks odd in combination with the <ul> markup.

src/openforms/emails/tests/test_confirmation_email.py

@@ -227,9 +227,7 @@ def test_attachment(self):
         self.assertTagWithTextIn("td", "Last name", rendered_content)
         self.assertTagWithTextIn("td", "Doe", rendered_content)
         self.assertTagWithTextIn("td", "File", rendered_content)
-        self.assertTagWithTextIn(
-            "td", _("attachment: %s") % "my-image.jpg", rendered_content
-        )
+        self.assertTagWithTextIn("td", "my-image.jpg", rendered_content)
 
     @patch(
         "openforms.emails.templatetags.appointments.get_plugin",

src/openforms/formio/formatters/formio.py

@@ -81,10 +81,14 @@ def normalise_value_to_list(self, component: Component, value: Any):
             return value
 
     def process_result(self, component: Component, formatted: str) -> str:
-        # prefix joined filenames to match legacy
-        if formatted:
+        if not formatted:
+            return ""
+
+        # Make sure we don't mangle safe-strings!
+        if self.as_html:
+            return formatted
+        else:
             return _("attachment: %s") % formatted
-        return formatted
 
     def format(self, component: Component, value: dict) -> str:
         # this is only valid for display to the user (because filename component option, dedupe etc)