Merge pull request #4289 from rafaelfranca/patch-1

No need of html_safe here

actionpack/lib/action_view/helpers/form_helper.rb

@@ -1093,7 +1093,7 @@ def to_check_box_tag(options = {}, checked_value = "1", unchecked_value = "0")
         end
         hidden = tag("input", "name" => options["name"], "type" => "hidden", "value" => options['disabled'] && checked ? checked_value : unchecked_value)
         checkbox = tag("input", options)
-        (hidden + checkbox).html_safe
+        hidden + checkbox
       end
 
       def to_boolean_select_tag(options = {})

actionpack/test/template/form_helper_test.rb

@@ -330,6 +330,7 @@ def test_text_field_with_custom_type
   end
 
   def test_check_box
+    assert check_box("post", "secret").html_safe?
     assert_dom_equal(
       '<input name="post[secret]" type="hidden" value="0" /><input checked="checked" id="post_secret" name="post[secret]" type="checkbox" value="1" />',
       check_box("post", "secret")

activesupport/test/safe_buffer_test.rb

@@ -96,6 +96,13 @@ def setup
     assert !@buffer.dup.html_safe?
   end
 
+  test "Should return safe buffer when added with another safe buffer" do
+    clean = "<script>".html_safe
+    result_buffer = @buffer + clean
+    assert result_buffer.html_safe?
+    assert_equal "<script>", result_buffer
+  end
+
   test "Should raise an error when safe_concat is called on dirty buffers" do
     @buffer.gsub!('', '<>')
     assert_raise ActiveSupport::SafeBuffer::SafeConcatError do