Change the raw template handler to render html-safe strings

In PR #24929 the changelog was updated to make note that while the new
template handler was changed to raw this changed the behavior when
outputting plain html or js files. Previously ERB would output the files
unescaped. Changing the default handler to RAW meant that these same
files would be rendered as escaped rather than as js or html.

Because of this change in behavior and after the discussion #24949 in we
decided to change the behavior of the Raw handler to output html_safe
strings by default.

Now files rendered with the default handler (raw) render the file
unescaped.

1 files changed, 7 insertions, 0 deletions

diff --git a/actionview/test/template/render_test.rb b/actionview/test/template/render_test.rb
index ad93236d32..25b21850b1 100644
--- a/actionview/test/template/render_test.rb
+++ b/actionview/test/template/render_test.rb
@@ -100,6 +100,13 @@ module RenderTestCases
     assert_equal %q;Here are some characters: !@#$%^&*()-="'}{`; + "\n", @view.render(:template => "plain_text_with_characters")
   end
 
+  def test_render_raw_is_html_safe_and_does_not_escape_output
+    buffer = ActiveSupport::SafeBuffer.new
+    buffer << @view.render(file: "plain_text")
+    assert_equal true, buffer.html_safe?
+    assert_equal buffer, "<%= hello_world %>\n"
+  end
+
   def test_render_ruby_template_with_handlers
     assert_equal "Hello from Ruby code", @view.render(:template => "ruby_template")
   end