Diffstat (limited to 'actionview')
-rw-r--r--actionview/CHANGELOG.md18
-rw-r--r--actionview/lib/action_view/helpers/atom_feed_helper.rb2
-rw-r--r--actionview/lib/action_view/helpers/number_helper.rb14
-rw-r--r--actionview/lib/action_view/helpers/text_helper.rb2
-rw-r--r--actionview/lib/action_view/log_subscriber.rb4
-rw-r--r--actionview/test/template/text_helper_test.rb5
6 files changed, 28 insertions, 17 deletions
diff --git a/actionview/CHANGELOG.md b/actionview/CHANGELOG.md
index 4adf1dbd8f..9eb68db101 100644
--- a/actionview/CHANGELOG.md
+++ b/actionview/CHANGELOG.md
@@ -1,6 +1,10 @@
-* Ensure ActionView::Digestor.cache is correctly cleaned up when
- combining recursive templates with ActionView::Resolver.caching = false
-
+* Fix `simple_format` escapes own output when passing `sanitize: true`
+
+ *Paul Seidemann*
+
+* Ensure `ActionView::Digestor.cache` is correctly cleaned up when
+ combining recursive templates with `ActionView::Resolver.caching = false`.
+
*wyaeld*
* Fix `collection_check_boxes` generated hidden input to use the name attribute provided
@@ -8,7 +12,7 @@
*Angel N. Sciortino*
-* Fix some edge cases for AV `select` helper with `:selected` option
+* Fix some edge cases for AV `select` helper with `:selected` option.
*Bogdan Gusiev*
@@ -22,14 +26,14 @@
*Bogdan Gusiev*
-* Handle `:namespace` form option in collection labels
+* Handle `:namespace` form option in collection labels.
*Vasiliy Ermolovich*
-* Fix `form_for` when both `namespace` and `as` options are present
+* Fix `form_for` when both `namespace` and `as` options are present.
`as` option no longer overwrites `namespace` option when generating
- html id attribute of the form element
+ html id attribute of the form element.
*Adam Niedzielski*
diff --git a/actionview/lib/action_view/helpers/atom_feed_helper.rb b/actionview/lib/action_view/helpers/atom_feed_helper.rb
index 42b1dd8933..af70a4242a 100644
--- a/actionview/lib/action_view/helpers/atom_feed_helper.rb
+++ b/actionview/lib/action_view/helpers/atom_feed_helper.rb
@@ -64,7 +64,7 @@ module ActionView
# 'xmlns:openSearch' => 'http://a9.com/-/spec/opensearch/1.1/'}) do |feed|
# feed.title("My great blog!")
# feed.updated((@posts.first.created_at))
- # feed.tag!(openSearch:totalResults, 10)
+ # feed.tag!('openSearch:totalResults', 10)
#
# @posts.each do |post|
# feed.entry(post) do |entry|
diff --git a/actionview/lib/action_view/helpers/number_helper.rb b/actionview/lib/action_view/helpers/number_helper.rb
index 0a2011f87d..9adc2c1a8f 100644
--- a/actionview/lib/action_view/helpers/number_helper.rb
+++ b/actionview/lib/action_view/helpers/number_helper.rb
@@ -105,7 +105,7 @@ module ActionView
# number_to_currency(1234567890.50, unit: "£", separator: ",", delimiter: "", format: "%n %u")
# # => 1234567890,50 £
def number_to_currency(number, options = {})
- delegate_number_helper_method(number, options, :number_to_currency)
+ delegate_number_helper_method(:number_to_currency, number, options)
end
# Formats a +number+ as a percentage string (e.g., 65%). You can
@@ -145,7 +145,7 @@ module ActionView
#
# number_to_percentage("98a", raise: true) # => InvalidNumberError
def number_to_percentage(number, options = {})
- delegate_number_helper_method(number, options, :number_to_percentage)
+ delegate_number_helper_method(:number_to_percentage, number, options)
end
# Formats a +number+ with grouped thousands using +delimiter+
@@ -178,7 +178,7 @@ module ActionView
#
# number_with_delimiter("112a", raise: true) # => raise InvalidNumberError
def number_with_delimiter(number, options = {})
- delegate_number_helper_method(number, options, :number_to_delimited)
+ delegate_number_helper_method(:number_to_delimited, number, options)
end
# Formats a +number+ with the specified level of
@@ -223,7 +223,7 @@ module ActionView
# number_with_precision(1111.2345, precision: 2, separator: ',', delimiter: '.')
# # => 1.111,23
def number_with_precision(number, options = {})
- delegate_number_helper_method(number, options, :number_to_rounded)
+ delegate_number_helper_method(:number_to_rounded, number, options)
end
# Formats the bytes in +number+ into a more understandable
@@ -275,7 +275,7 @@ module ActionView
# number_to_human_size(1234567890123, precision: 5) # => "1.1229 TB"
# number_to_human_size(524288000, precision: 5) # => "500 MB"
def number_to_human_size(number, options = {})
- delegate_number_helper_method(number, options, :number_to_human_size)
+ delegate_number_helper_method(:number_to_human_size, number, options)
end
# Pretty prints (formats and approximates) a number in a way it
@@ -377,12 +377,12 @@ module ActionView
# number_to_human(0.34, units: :distance) # => "34 centimeters"
#
def number_to_human(number, options = {})
- delegate_number_helper_method(number, options, :number_to_human)
+ delegate_number_helper_method(:number_to_human, number, options)
end
private
- def delegate_number_helper_method(number, options, method)
+ def delegate_number_helper_method(method, number, options)
return unless number
options = escape_unsafe_delimiters_and_separators(options.symbolize_keys)
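Review bot: The private `delegate_number_helper_method` still has no comment after its signature is reordered, and the two lines under the new `def` are the security-relevant core of every public number helper on this page: a nil guard, then HTML-escaping of the `:delimiter`/`:separator` options before the call is delegated. I would add above the `def`: `# Delegates to the number formatter named by +method+; returns nil for a nil number and HTML-escapes the :delimiter/:separator options first, since they end up in the rendered output.` Which formatter `method` resolves to is not visible here, so the comment deliberately does not name it. The method body continues past the end of this hunk.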
diff --git a/actionview/lib/action_view/helpers/text_helper.rb b/actionview/lib/action_view/helpers/text_helper.rb
index c23d605c5f..b0e4aa3cd3 100644
--- a/actionview/lib/action_view/helpers/text_helper.rb
+++ b/actionview/lib/action_view/helpers/text_helper.rb
@@ -268,7 +268,7 @@ module ActionView
content_tag(wrapper_tag, nil, html_options)
else
paragraphs.map! { |paragraph|
- content_tag(wrapper_tag, paragraph, html_options, options[:sanitize])
+ content_tag(wrapper_tag, paragraph, html_options, false)
}.join("\n\n").html_safe
end
end
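Review bot: The fourth argument to `content_tag` on the new line is the escape flag, so every paragraph is now emitted unescaped regardless of `sanitize:`; that is only safe if `simple_format` has already run the sanitizer over `text` before this point when the option is true, which the new test (`<script>` stripped with `sanitize: true`) indicates but which lies outside this hunk, as does the start of `simple_format`. The old line escaped the already-sanitized text a second time, which is the double-escape the commit fixes, but nothing on the new line records that the two steps are coupled, so a later change that moves or drops the earlier sanitize call would silently reintroduce raw HTML here. I would add `# paragraph was already sanitized above when options[:sanitize] is true; escaping again here would double-escape it` above the `content_tag` call. With `sanitize: false` the caller is opting into raw markup, and the `.html_safe` on the joined result makes that opt-in total, so the method's docs should say the option disables all escaping of the input.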
diff --git a/actionview/lib/action_view/log_subscriber.rb b/actionview/lib/action_view/log_subscriber.rb
index 9336b29d0b..6c8d9cb5bf 100644
--- a/actionview/lib/action_view/log_subscriber.rb
+++ b/actionview/lib/action_view/log_subscriber.rb
@@ -30,7 +30,9 @@ module ActionView
EMPTY = ''
def from_rails_root(string)
- string.sub(rails_root, EMPTY).sub(VIEWS_PATTERN, EMPTY)
+ string = string.sub(rails_root, EMPTY)
+ string.sub!(VIEWS_PATTERN, EMPTY)
+ string
end
def rails_root
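Review bot: `sub!` on the new line returns nil when `VIEWS_PATTERN` does not match, which is why the method now returns `string` on its own line instead of chaining; nothing says so, and a future cleanup folding it back into `string.sub(rails_root, EMPTY).sub!(VIEWS_PATTERN, EMPTY)` would return nil for any path outside the views directory. I would add `# sub! returns nil when there is no match, so return string explicitly` above the `sub!` line. The first `sub` still allocates a copy, so only the second substitution is saved; if avoiding that allocation is the intent, saying so makes the split form look deliberate rather than accidental.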
diff --git a/actionview/test/template/text_helper_test.rb b/actionview/test/template/text_helper_test.rb
index c2999fcb85..c624326683 100644
--- a/actionview/test/template/text_helper_test.rb
+++ b/actionview/test/template/text_helper_test.rb
@@ -42,6 +42,11 @@ class TextHelperTest < ActionView::TestCase
assert_equal "<p><b> test with unsafe string </b></p>", simple_format("<b> test with unsafe string </b><script>code!</script>")
end
+ def test_simple_format_should_sanitize_input_when_sanitize_option_is_true
+ assert_equal '<p><b> test with unsafe string </b></p>',
+ simple_format('<b> test with unsafe string </b><script>code!</script>', {}, sanitize: true)
+ end
+
def test_simple_format_should_not_sanitize_input_when_sanitize_option_is_false
assert_equal "<p><b> test with unsafe string </b><script>code!</script></p>", simple_format("<b> test with unsafe string </b><script>code!</script>", {}, :sanitize => false)
end
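Review bot: The new test uses single-quoted strings and `sanitize: true` while the adjacent tests on either side use double quotes and `:sanitize => false`, so the three tests read as if written by different authors; matching the neighbours (or converting all three at once) would keep the file consistent. The assertion itself is the right one, since an exact match on `<p><b> test with unsafe string </b></p>` fails if `<b>` comes back as `&lt;b&gt;`, which is the double-escape regression this commit fixes.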