PATCH remote_function

I ran into issues using remote_function in beta4. &'s that I was
trying to pass were always being escaped to & even when I passed
my input string as html_safe. The code that generates the javascript
is all unsafe, so the following patch fixes the issue.

Updated patch with test...

I'm sure the core team is busy, but I was wondering if somebody can
commit my ticket for this issue or let me know if something should be
changed when you have time. I haven't heard anything in a few days.



Yehuda Katz
Architect | Engine Yard
(ph) 718.877.1325