Sunday, June 1, 2014

Everything you know about html_safe is wrong

http://makandracards.com/makandra/2579-everything-you-know-about-html_safe-is-wrong

"foo".length
# => 3
"foo".class
# => String

"foo".html_safe.length
# => 3
"foo".html_safe.class
# => ActiveSupport::SafeBuffer

"<foo>".html_safe + "<bar>"
# => "<foo>&lt;bar&gt;"
"<foo>".html_safe + "<bar>".html_safe
# => "<foo><bar>"

Note how calling html_safe on a String doesn't escape or unescape the String itself. It doesn't change the string at all. All it does is return a SafeBuffer, which handles future concatenations differently than a String: anything that is not already marked safe gets escaped as it is appended, while content that is already safe is appended verbatim.
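The following is an added example, not code from the card above and not ActiveSupport's own implementation. It models the SafeBuffer rule just described with a small String subclass (hypothetical names SafeBufferModel, render_comment and render_comment_unsafely), using the stdlib ERB::Util.html_escape so it runs without Rails. It reproduces the card's four IRB results and adds the security consequence: the type, not the characters, decides whether concatenated input gets escaped, so calling html_safe on untrusted input silently turns the escaping off.

```ruby
require 'erb' # ERB::Util.html_escape is stdlib; Rails applies the same HTML escaping

# Minimal model of ActiveSupport::SafeBuffer (illustration, not the real class):
# a String subclass that remembers it is "safe" and escapes any unsafe value
# concatenated onto it. The characters it wraps are never changed by html_safe.
class SafeBufferModel < String
  def html_safe?
    true
  end

  # + returns a new safe buffer. Plain Strings are escaped first; values already
  # marked safe are appended verbatim. `super` calls String#+ so we don't recurse.
  def +(other)
    SafeBufferModel.new(super(escape_unless_safe(other)))
  end

  # In-place append follows the same rule and keeps the receiver a safe buffer.
  def <<(other)
    super(escape_unless_safe(other))
  end
  alias_method :concat, :<<

  private

  def escape_unless_safe(value)
    safe = value.respond_to?(:html_safe?) && value.html_safe?
    safe ? value.to_str : ERB::Util.html_escape(value.to_s)
  end
end

class String
  # A plain String is never trusted as markup.
  def html_safe?
    false
  end

  # html_safe does not touch the content; it only changes the type.
  def html_safe
    SafeBufferModel.new(self)
  end
end

# Correct pattern: trusted markup is safe, the user-supplied fragment is a plain
# String, so it is escaped on concatenation.
def render_comment(user_input)
  "<p>".html_safe + user_input + "</p>".html_safe
end

# The mistake: marking untrusted input as safe disables escaping entirely, so
# whatever markup the user typed is emitted as-is (the root of most XSS in Rails views).
def render_comment_unsafely(user_input)
  "<p>".html_safe + user_input.html_safe + "</p>".html_safe
end

if __FILE__ == $PROGRAM_NAME
  constructed_input = "<b>user</b>" # constructed sample input
  puts "<foo>".html_safe + "<bar>"          # <foo>&lt;bar&gt;
  puts "<foo>".html_safe + "<bar>".html_safe # <foo><bar>
  puts render_comment(constructed_input)     # <p>&lt;b&gt;user&lt;/b&gt;</p>
  puts render_comment_unsafely(constructed_input) # <p><b>user</b></p>
end
```

When reviewing a view helper, the question to ask is therefore not "was this string escaped?" but "which of these operands is a SafeBuffer, and who decided that?". A grep for html_safe and raw on anything that originates from params, the database or an external API is the usual starting point.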
