Custom html_escape method never used

I was looking at old patches, and came across:

When I tried to reproduce, I found that the rails version wasn't
getting called at all, whether references by "html_escape" or "h".

It looks like when util.rb does -require 'erb'-, erb loads the code
in util.rb first, then goes back and overwrites the definition of the
method. Probably a side-effect of require-mucking in dependencies.rb,

Here's a gist that lays it all out


Here's a gist that lays it all out

I actually have a fix for this in the rails_xss branch which is due to
hit for 3.0. I addition to redefining it for performance reasons we
need to add awareness of the escaped status of the string.