7 files changed, 12 insertions, 9 deletions
diff --git a/actionpack/lib/action_dispatch/middleware/cookies.rb b/actionpack/lib/action_dispatch/middleware/cookies.rb
index 5b914f293d..d055acb296 100644
--- a/actionpack/lib/action_dispatch/middleware/cookies.rb
+++ b/actionpack/lib/action_dispatch/middleware/cookies.rb
@@ -77,7 +77,7 @@ module ActionDispatch
   #                       domain and subdomains.
   #
   # * <tt>:expires</tt> - The time at which this cookie expires, as a \Time object.
-  # * <tt>:secure</tt> - Whether this cookie is a only transmitted to HTTPS servers.
+  # * <tt>:secure</tt> - Whether this cookie is only transmitted to HTTPS servers.
   #   Default is +false+.
   # * <tt>:httponly</tt> - Whether this cookie is accessible via scripting or
   #   only HTTP. Defaults to +false+.
diff --git a/actionpack/lib/action_dispatch/railtie.rb b/actionpack/lib/action_dispatch/railtie.rb
index edf37bb9a5..2dfaab3587 100644
--- a/actionpack/lib/action_dispatch/railtie.rb
+++ b/actionpack/lib/action_dispatch/railtie.rb
@@ -20,8 +20,7 @@ module ActionDispatch
     config.action_dispatch.default_headers = {
       'X-Frame-Options' => 'SAMEORIGIN',
       'X-XSS-Protection' => '1; mode=block',
-      'X-Content-Type-Options' => 'nosniff',
-      'X-UA-Compatible' => 'chrome=1'
+      'X-Content-Type-Options' => 'nosniff'
     }
 
     config.eager_load_namespaces << ActionDispatch
diff --git a/actionpack/lib/action_view/helpers/asset_url_helper.rb b/actionpack/lib/action_view/helpers/asset_url_helper.rb
index b5f2df76ab..0b957adb91 100644
--- a/actionpack/lib/action_view/helpers/asset_url_helper.rb
+++ b/actionpack/lib/action_view/helpers/asset_url_helper.rb
@@ -105,7 +105,7 @@ module ActionView
     #   )
     #
     module AssetUrlHelper
-      URI_REGEXP = %r{^[-a-z]+://|^(?:cid|data):|^//}
+      URI_REGEXP = %r{^[-a-z]+://|^(?:cid|data):|^//}i
 
       # Computes the path to asset in public directory. If :type
       # options is set, a file extension will be appended and scoped
diff --git a/actionpack/lib/action_view/helpers/tag_helper.rb b/actionpack/lib/action_view/helpers/tag_helper.rb
index 3939e4737b..732f35643a 100644
--- a/actionpack/lib/action_view/helpers/tag_helper.rb
+++ b/actionpack/lib/action_view/helpers/tag_helper.rb
@@ -12,8 +12,11 @@ module ActionView
 
       BOOLEAN_ATTRIBUTES = %w(disabled readonly multiple checked autobuffer
                            autoplay controls loop selected hidden scoped async
-                           defer reversed ismap seemless muted required
-                           autofocus novalidate formnovalidate open pubdate itemscope).to_set
+                           defer reversed ismap seamless muted required
+                           autofocus novalidate formnovalidate open pubdate
+                           itemscope allowfullscreen default inert sortable
+                           truespeed typemustmatch).to_set
+
       BOOLEAN_ATTRIBUTES.merge(BOOLEAN_ATTRIBUTES.map {|attribute| attribute.to_sym })
 
       PRE_CONTENT_STRINGS = {
diff --git a/actionpack/lib/action_view/helpers/tags/collection_helpers.rb b/actionpack/lib/action_view/helpers/tags/collection_helpers.rb
index cd12ddaf65..388dcf1f13 100644
--- a/actionpack/lib/action_view/helpers/tags/collection_helpers.rb
+++ b/actionpack/lib/action_view/helpers/tags/collection_helpers.rb
@@ -73,8 +73,9 @@ module ActionView
             value = value_for_collection(item, @value_method)
             text  = value_for_collection(item, @text_method)
             default_html_options = default_html_options_for_collection(item, value)
+            additional_html_options = option_html_attributes(item)
 
-            yield item, value, text, default_html_options
+            yield item, value, text, default_html_options.merge(additional_html_options)
           end.join.html_safe
         end
       end
diff --git a/actionpack/lib/action_view/helpers/url_helper.rb b/actionpack/lib/action_view/helpers/url_helper.rb
index 8a83f6f356..19e5941971 100644
--- a/actionpack/lib/action_view/helpers/url_helper.rb
+++ b/actionpack/lib/action_view/helpers/url_helper.rb
@@ -380,7 +380,7 @@ module ActionView
           if block_given?
             block.arity <= 1 ? capture(name, &block) : capture(name, options, html_options, &block)
           else
-            name
+            ERB::Util.html_escape(name)
           end
         else
           link_to(name, options, html_options)
diff --git a/actionpack/lib/action_view/template.rb b/actionpack/lib/action_view/template.rb
index c25b1efc2b..e2c50fec47 100644
--- a/actionpack/lib/action_view/template.rb
+++ b/actionpack/lib/action_view/template.rb
@@ -267,7 +267,7 @@ module ActionView
         method_name = self.method_name
         code = @handler.call(self)
 
-        # Make sure that the resulting String to be evalled is in the
+        # Make sure that the resulting String to be eval'd is in the
         # encoding of the code
         source = <<-end_src
           def #{method_name}(local_assigns, output_buffer)