This consists of:
* String#html_safe! a method to mark a string as 'safe'
* ActionView::SafeBuffer a string subclass which escapes anything unsafe which is concatenated to it
* Calls to String#html_safe! throughout the rails helpers
* a 'raw' helper which lets you concatenate trusted HTML from non-safety-aware sources (e.g. presantized strings in the DB)
* New ERB implementation based on erubis which uses a SafeBuffer instead of a String
Hat tip to Django for the inspiration.
We're in no position to mediate disputes on this matter, and the previous change to use ISO 3166 has offended just as many people as the ad-hoc list did.
If you want the old list back you can install the plugin:
ruby script/plugin install git://github.com/rails/country_select.git
