Rails 2.3.8 Upgrade Mods

Same problem here but solved! hopefully this is helpful. Solution was
to watch Ryan Bates Railscast on Rails 3 XSS, and then to ensure any
strings being sent out by my form and custom helpers was HTML Safe =>
Just look for where the helpers are rendering tags and string and add
the ".html_safe" method on the end.

Hope this is helpful