[Haml] Fix a bug with haml_tag and Rails XSS.

Closes gh-92

doc-src/HAML_CHANGELOG.md

@@ -14,6 +14,9 @@
 * Fix a bug where calls to ActionView's `render` method
   with blocks and layouts wouldn't work under the Rails 3.0 beta.
 
+* Fix a bug where the closing tags of nested calls to \{Haml::Helpers#haml\_concat}
+  were improperly escaped under the Rails 3.0 beta.
+
 ## 2.2.19
 
 [Tagged on GitHub](http://github.com/nex3/haml/commit/2.2.19).

lib/haml/helpers/action_view_extensions.rb

@@ -45,10 +45,10 @@ module Haml
       # @yield A block in which all input to `#haml_concat` is treated as raw.
       # @see Haml::Util#rails_xss_safe?
       def with_raw_haml_concat
-        @_haml_concat_raw = true
+        @_haml_concat_raw, old = true, @_haml_concat_raw
         yield
       ensure
-        @_haml_concat_raw = false
+        @_haml_concat_raw = old
       end
     end
   end

test/haml/template_test.rb

@@ -309,6 +309,20 @@ END
 
     ## Regression
 
+    def test_xss_protection_with_nested_haml_tag
+      assert_equal(<<HTML, render(<<HAML, :action_view))
+<div>
+  <ul>
+    <li>Content!</li>
+  </ul>
+</div>
+HTML
+- haml_tag :div do
+  - haml_tag :ul do
+    - haml_tag :li, "Content!"
+HAML
+    end
+
     def test_xss_protection_with_form_for
       assert_equal(<<HTML, render(<<HAML, :action_view))
 <form action="" method="post">