This consists of:
* String#html_safe! a method to mark a string as 'safe'
* ActionView::SafeBuffer a string subclass which escapes anything unsafe which is concatenated to it
* Calls to String#html_safe! throughout the rails helpers
* a 'raw' helper which lets you concatenate trusted HTML from non-safety-aware sources (e.g. presantized strings in the DB)
Note, this does *not* give you on-by-default XSS escaping in 2.3 applications. To get that you'll need to install a plugin:
http://github.com/nzkoz/rails_xss
The test case now mimicks the template environment more closely, so it's
possible to use render, load helper dependencies.
This also fixes assert_select, and similar assertions. Because view tests
and helpers generally don't render full templates assert_select looks
first in rendered and then in output_buffer to find the rendered output.
