activesupport 5.2.7.1 → 6.1.4.6

data/lib/active_support/core_ext/range/conversions.rb

@@ -1,39 +1,41 @@
 # frozen_string_literal: true
 
-module ActiveSupport::RangeWithFormat
-  RANGE_FORMATS = {
-    db: -> (start, stop) do
-      case start
-      when String then "BETWEEN '#{start}' AND '#{stop}'"
+module ActiveSupport
+  module RangeWithFormat
+    RANGE_FORMATS = {
+      db: -> (start, stop) do
+        case start
+        when String then "BETWEEN '#{start}' AND '#{stop}'"
+        else
+          "BETWEEN '#{start.to_s(:db)}' AND '#{stop.to_s(:db)}'"
+        end
+      end
+    }
+
+    # Convert range to a formatted string. See RANGE_FORMATS for predefined formats.
+    #
+    #   range = (1..100)           # => 1..100
+    #
+    #   range.to_s                 # => "1..100"
+    #   range.to_s(:db)            # => "BETWEEN '1' AND '100'"
+    #
+    # == Adding your own range formats to to_s
+    # You can add your own formats to the Range::RANGE_FORMATS hash.
+    # Use the format name as the hash key and a Proc instance.
+    #
+    #   # config/initializers/range_formats.rb
+    #   Range::RANGE_FORMATS[:short] = ->(start, stop) { "Between #{start.to_s(:db)} and #{stop.to_s(:db)}" }
+    def to_s(format = :default)
+      if formatter = RANGE_FORMATS[format]
+        formatter.call(first, last)
       else
-        "BETWEEN '#{start.to_s(:db)}' AND '#{stop.to_s(:db)}'"
+        super()
       end
     end
-  }
 
-  # Convert range to a formatted string. See RANGE_FORMATS for predefined formats.
-  #
-  #   range = (1..100)           # => 1..100
-  #
-  #   range.to_s                 # => "1..100"
-  #   range.to_s(:db)            # => "BETWEEN '1' AND '100'"
-  #
-  # == Adding your own range formats to to_s
-  # You can add your own formats to the Range::RANGE_FORMATS hash.
-  # Use the format name as the hash key and a Proc instance.
-  #
-  #   # config/initializers/range_formats.rb
-  #   Range::RANGE_FORMATS[:short] = ->(start, stop) { "Between #{start.to_s(:db)} and #{stop.to_s(:db)}" }
-  def to_s(format = :default)
-    if formatter = RANGE_FORMATS[format]
-      formatter.call(first, last)
-    else
-      super()
-    end
+    alias_method :to_default_s, :to_s
+    alias_method :to_formatted_s, :to_s
   end
-
-  alias_method :to_default_s, :to_s
-  alias_method :to_formatted_s, :to_s
 end
 
 Range.prepend(ActiveSupport::RangeWithFormat)

data/lib/active_support/core_ext/range/each.rb

@@ -15,7 +15,6 @@ module ActiveSupport
     end
 
     private
-
       def ensure_iteration_allowed
         raise TypeError, "can't iterate from #{first.class}" if first.is_a?(TimeWithZone)
       end

data/lib/active_support/core_ext/range/include_time_with_zone.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require "active_support/time_with_zone"
+require "active_support/deprecation"
 
 module ActiveSupport
   module IncludeTimeWithZone #:nodoc:
@@ -9,9 +10,13 @@ module ActiveSupport
     #   (1.hour.ago..1.hour.from_now).include?(Time.current) # => true
     #
     def include?(value)
-      if first.is_a?(TimeWithZone)
-        cover?(value)
-      elsif last.is_a?(TimeWithZone)
+      if self.begin.is_a?(TimeWithZone) || self.end.is_a?(TimeWithZone)
+        ActiveSupport::Deprecation.warn(<<-MSG.squish)
+          Using `Range#include?` to check the inclusion of a value in
+          a date time range is deprecated.
+          It is recommended to use `Range#cover?` instead of `Range#include?` to
+          check the inclusion of a value in a date time range.
+        MSG
         cover?(value)
       else
         super

data/lib/active_support/core_ext/regexp.rb

@@ -1,11 +1,14 @@
 # frozen_string_literal: true
 
-class Regexp #:nodoc:
+class Regexp
+  # Returns +true+ if the regexp has the multiline flag set.
+  #
+  #   (/./).multiline?  # => false
+  #   (/./m).multiline? # => true
+  #
+  #   Regexp.new(".").multiline?                    # => false
+  #   Regexp.new(".", Regexp::MULTILINE).multiline? # => true
   def multiline?
     options & MULTILINE == MULTILINE
   end
-
-  def match?(string, pos = 0)
-    !!match(string, pos)
-  end unless //.respond_to?(:match?)
 end

data/lib/active_support/core_ext/securerandom.rb

@@ -4,17 +4,18 @@ require "securerandom"
 
 module SecureRandom
   BASE58_ALPHABET = ("0".."9").to_a + ("A".."Z").to_a + ("a".."z").to_a - ["0", "O", "I", "l"]
+  BASE36_ALPHABET = ("0".."9").to_a + ("a".."z").to_a
+
   # SecureRandom.base58 generates a random base58 string.
   #
-  # The argument _n_ specifies the length, of the random string to be generated.
+  # The argument _n_ specifies the length of the random string to be generated.
   #
   # If _n_ is not specified or is +nil+, 16 is assumed. It may be larger in the future.
   #
-  # The result may contain alphanumeric characters except 0, O, I and l
+  # The result may contain alphanumeric characters except 0, O, I and l.
   #
   #   p SecureRandom.base58 # => "4kUgL2pdQMSCQtjE"
   #   p SecureRandom.base58(24) # => "77TMHrHJFvFDwodq8w7Ev2m7"
-  #
   def self.base58(n = 16)
     SecureRandom.random_bytes(n).unpack("C*").map do |byte|
       idx = byte % 64
@@ -22,4 +23,23 @@ module SecureRandom
       BASE58_ALPHABET[idx]
     end.join
   end
+
+  # SecureRandom.base36 generates a random base36 string in lowercase.
+  #
+  # The argument _n_ specifies the length of the random string to be generated.
+  #
+  # If _n_ is not specified or is +nil+, 16 is assumed. It may be larger in the future.
+  # This method can be used over +base58+ if a deterministic case key is necessary.
+  #
+  # The result will contain alphanumeric characters in lowercase.
+  #
+  #   p SecureRandom.base36 # => "4kugl2pdqmscqtje"
+  #   p SecureRandom.base36(24) # => "77tmhrhjfvfdwodq8w7ev2m7"
+  def self.base36(n = 16)
+    SecureRandom.random_bytes(n).unpack("C*").map do |byte|
+      idx = byte % 64
+      idx = SecureRandom.random_number(36) if idx >= 36
+      BASE36_ALPHABET[idx]
+    end.join
+  end
 end

data/lib/active_support/core_ext/string/access.rb

@@ -44,7 +44,7 @@ class String
   #   str.from(0).to(-1) # => "hello"
   #   str.from(1).to(-2) # => "ell"
   def from(position)
-    self[position..-1]
+    self[position, length]
   end
 
   # Returns a substring from the beginning of the string to the given position.
@@ -61,7 +61,8 @@ class String
   #   str.from(0).to(-1) # => "hello"
   #   str.from(1).to(-2) # => "ell"
   def to(position)
-    self[0..position]
+    position += size if position < 0
+    self[0, position + 1] || +""
   end
 
   # Returns the first character. If a limit is supplied, returns a substring
@@ -75,13 +76,7 @@ class String
   #   str.first(0) # => ""
   #   str.first(6) # => "hello"
   def first(limit = 1)
-    if limit == 0
-      ""
-    elsif limit >= size
-      dup
-    else
-      to(limit - 1)
-    end
+    self[0, limit] || raise(ArgumentError, "negative limit")
   end
 
   # Returns the last character of the string. If a limit is supplied, returns a substring
@@ -95,12 +90,6 @@ class String
   #   str.last(0) # => ""
   #   str.last(6) # => "hello"
   def last(limit = 1)
-    if limit == 0
-      ""
-    elsif limit >= size
-      dup
-    else
-      from(-limit)
-    end
+    self[[length - limit, 0].max, limit] || raise(ArgumentError, "negative limit")
   end
 end

data/lib/active_support/core_ext/string/conversions.rb

@@ -18,6 +18,7 @@ class String
   #   "2012-12-13T06:12".to_time         # => 2012-12-13 06:12:00 +0100
   #   "2012-12-13T06:12".to_time(:utc)   # => 2012-12-13 06:12:00 UTC
   #   "12/13/2012".to_time               # => ArgumentError: argument out of range
+  #   "1604326192".to_time               # => ArgumentError: argument out of range
   def to_time(form = :local)
     parts = Date._parse(self, false)
     used_keys = %i(year mon mday hour min sec sec_fraction offset)

data/lib/active_support/core_ext/string/filters.rb

@@ -75,7 +75,48 @@ class String
         length_with_room_for_omission
       end
 
-    "#{self[0, stop]}#{omission}"
+    +"#{self[0, stop]}#{omission}"
+  end
+
+  # Truncates +text+ to at most <tt>bytesize</tt> bytes in length without
+  # breaking string encoding by splitting multibyte characters or breaking
+  # grapheme clusters ("perceptual characters") by truncating at combining
+  # characters.
+  #
+  #   >> "🔪🔪🔪🔪🔪🔪🔪🔪🔪🔪🔪🔪🔪🔪🔪🔪🔪🔪🔪🔪".size
+  #   => 20
+  #   >> "🔪🔪🔪🔪🔪🔪🔪🔪🔪🔪🔪🔪🔪🔪🔪🔪🔪🔪🔪🔪".bytesize
+  #   => 80
+  #   >> "🔪🔪🔪🔪🔪🔪🔪🔪🔪🔪🔪🔪🔪🔪🔪🔪🔪🔪🔪🔪".truncate_bytes(20)
+  #   => "🔪🔪🔪🔪…"
+  #
+  # The truncated text ends with the <tt>:omission</tt> string, defaulting
+  # to "…", for a total length not exceeding <tt>bytesize</tt>.
+  def truncate_bytes(truncate_at, omission: "…")
+    omission ||= ""
+
+    case
+    when bytesize <= truncate_at
+      dup
+    when omission.bytesize > truncate_at
+      raise ArgumentError, "Omission #{omission.inspect} is #{omission.bytesize}, larger than the truncation length of #{truncate_at} bytes"
+    when omission.bytesize == truncate_at
+      omission.dup
+    else
+      self.class.new.tap do |cut|
+        cut_at = truncate_at - omission.bytesize
+
+        scan(/\X/) do |grapheme|
+          if cut.bytesize + grapheme.bytesize <= cut_at
+            cut << grapheme
+          else
+            break
+          end
+        end
+
+        cut << omission
+      end
+    end
   end
 
   # Truncates a given +text+ after a given number of words (<tt>words_count</tt>):

data/lib/active_support/core_ext/string/inflections.rb

@@ -30,6 +30,8 @@ class String
   #   'apple'.pluralize(2)         # => "apples"
   #   'ley'.pluralize(:es)         # => "leyes"
   #   'ley'.pluralize(1, :es)      # => "ley"
+  #
+  # See ActiveSupport::Inflector.pluralize.
   def pluralize(count = nil, locale = :en)
     locale = count if count.is_a?(Symbol)
     if count == 1
@@ -53,28 +55,34 @@ class String
   #   'the blue mailmen'.singularize # => "the blue mailman"
   #   'CamelOctopi'.singularize      # => "CamelOctopus"
   #   'leyes'.singularize(:es)       # => "ley"
+  #
+  # See ActiveSupport::Inflector.singularize.
   def singularize(locale = :en)
     ActiveSupport::Inflector.singularize(self, locale)
   end
 
   # +constantize+ tries to find a declared constant with the name specified
   # in the string. It raises a NameError when the name is not in CamelCase
-  # or is not initialized.  See ActiveSupport::Inflector.constantize
+  # or is not initialized.
   #
   #   'Module'.constantize  # => Module
   #   'Class'.constantize   # => Class
   #   'blargle'.constantize # => NameError: wrong constant name blargle
+  #
+  # See ActiveSupport::Inflector.constantize.
   def constantize
     ActiveSupport::Inflector.constantize(self)
   end
 
   # +safe_constantize+ tries to find a declared constant with the name specified
   # in the string. It returns +nil+ when the name is not in CamelCase
-  # or is not initialized.  See ActiveSupport::Inflector.safe_constantize
+  # or is not initialized.
   #
   #   'Module'.safe_constantize  # => Module
   #   'Class'.safe_constantize   # => Class
   #   'blargle'.safe_constantize # => nil
+  #
+  # See ActiveSupport::Inflector.safe_constantize.
   def safe_constantize
     ActiveSupport::Inflector.safe_constantize(self)
   end
@@ -88,6 +96,10 @@ class String
   #   'active_record'.camelize(:lower)        # => "activeRecord"
   #   'active_record/errors'.camelize         # => "ActiveRecord::Errors"
   #   'active_record/errors'.camelize(:lower) # => "activeRecord::Errors"
+  #
+  # +camelize+ is also aliased as +camelcase+.
+  #
+  # See ActiveSupport::Inflector.camelize.
   def camelize(first_letter = :upper)
     case first_letter
     when :upper
@@ -108,11 +120,13 @@ class String
   # optional parameter +keep_id_suffix+ to true.
   # By default, this parameter is false.
   #
-  # +titleize+ is also aliased as +titlecase+.
-  #
   #   'man from the boondocks'.titleize                       # => "Man From The Boondocks"
   #   'x-men: the last stand'.titleize                        # => "X Men: The Last Stand"
   #   'string_ending_with_id'.titleize(keep_id_suffix: true)  # => "String Ending With Id"
+  #
+  # +titleize+ is also aliased as +titlecase+.
+  #
+  # See ActiveSupport::Inflector.titleize.
   def titleize(keep_id_suffix: false)
     ActiveSupport::Inflector.titleize(self, keep_id_suffix: keep_id_suffix)
   end
@@ -124,6 +138,8 @@ class String
   #
   #   'ActiveModel'.underscore         # => "active_model"
   #   'ActiveModel::Errors'.underscore # => "active_model/errors"
+  #
+  # See ActiveSupport::Inflector.underscore.
   def underscore
     ActiveSupport::Inflector.underscore(self)
   end
@@ -131,6 +147,8 @@ class String
   # Replaces underscores with dashes in the string.
   #
   #   'puni_puni'.dasherize # => "puni-puni"
+  #
+  # See ActiveSupport::Inflector.dasherize.
   def dasherize
     ActiveSupport::Inflector.dasherize(self)
   end
@@ -142,6 +160,8 @@ class String
   #   '::Inflections'.demodulize                         # => "Inflections"
   #   ''.demodulize                                      # => ''
   #
+  # See ActiveSupport::Inflector.demodulize.
+  #
   # See also +deconstantize+.
   def demodulize
     ActiveSupport::Inflector.demodulize(self)
@@ -155,6 +175,8 @@ class String
   #   '::String'.deconstantize    # => ""
   #   ''.deconstantize            # => ""
   #
+  # See ActiveSupport::Inflector.deconstantize.
+  #
   # See also +demodulize+.
   def deconstantize
     ActiveSupport::Inflector.deconstantize(self)
@@ -162,6 +184,11 @@ class String
 
   # Replaces special characters in a string so that it may be used as part of a 'pretty' URL.
   #
+  # If the optional parameter +locale+ is specified,
+  # the word will be parameterized as a word of that language.
+  # By default, this parameter is set to <tt>nil</tt> and it will use
+  # the configured <tt>I18n.locale</tt>.
+  #
   #   class Person
   #     def to_param
   #       "#{id}-#{name.parameterize}"
@@ -187,8 +214,10 @@ class String
   #
   #   <%= link_to(@person.name, person_path) %>
   #   # => <a href="/person/1-Donald-E-Knuth">Donald E. Knuth</a>
-  def parameterize(separator: "-", preserve_case: false)
-    ActiveSupport::Inflector.parameterize(self, separator: separator, preserve_case: preserve_case)
+  #
+  # See ActiveSupport::Inflector.parameterize.
+  def parameterize(separator: "-", preserve_case: false, locale: nil)
+    ActiveSupport::Inflector.parameterize(self, separator: separator, preserve_case: preserve_case, locale: locale)
   end
 
   # Creates the name of a table like Rails does for models to table names. This method
@@ -197,6 +226,8 @@ class String
   #   'RawScaledScorer'.tableize # => "raw_scaled_scorers"
   #   'ham_and_egg'.tableize     # => "ham_and_eggs"
   #   'fancyCategory'.tableize   # => "fancy_categories"
+  #
+  # See ActiveSupport::Inflector.tableize.
   def tableize
     ActiveSupport::Inflector.tableize(self)
   end
@@ -207,6 +238,8 @@ class String
   #
   #   'ham_and_eggs'.classify # => "HamAndEgg"
   #   'posts'.classify        # => "Post"
+  #
+  # See ActiveSupport::Inflector.classify.
   def classify
     ActiveSupport::Inflector.classify(self)
   end
@@ -228,6 +261,8 @@ class String
   #   'author_id'.humanize(capitalize: false)       # => "author"
   #   '_id'.humanize                                # => "Id"
   #   'author_id'.humanize(keep_id_suffix: true)    # => "Author Id"
+  #
+  # See ActiveSupport::Inflector.humanize.
   def humanize(capitalize: true, keep_id_suffix: false)
     ActiveSupport::Inflector.humanize(self, capitalize: capitalize, keep_id_suffix: keep_id_suffix)
   end
@@ -237,6 +272,8 @@ class String
   #   'what a Lovely Day'.upcase_first # => "What a Lovely Day"
   #   'w'.upcase_first                 # => "W"
   #   ''.upcase_first                  # => ""
+  #
+  # See ActiveSupport::Inflector.upcase_first.
   def upcase_first
     ActiveSupport::Inflector.upcase_first(self)
   end
@@ -248,6 +285,8 @@ class String
   #   'Message'.foreign_key        # => "message_id"
   #   'Message'.foreign_key(false) # => "messageid"
   #   'Admin::Post'.foreign_key    # => "post_id"
+  #
+  # See ActiveSupport::Inflector.foreign_key.
   def foreign_key(separate_class_name_and_id_with_underscore = true)
     ActiveSupport::Inflector.foreign_key(self, separate_class_name_and_id_with_underscore)
   end

data/lib/active_support/core_ext/string/inquiry.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require "active_support/string_inquirer"
+require "active_support/environment_inquirer"
 
 class String
   # Wraps the current string in the <tt>ActiveSupport::StringInquirer</tt> class,

data/lib/active_support/core_ext/string/multibyte.rb

@@ -11,12 +11,13 @@ class String
   # encapsulates the original string. A Unicode safe version of all the String methods are defined on this proxy
   # class. If the proxy class doesn't respond to a certain method, it's forwarded to the encapsulated string.
   #
-  #   >> "lj".upcase
-  #   => "lj"
   #   >> "lj".mb_chars.upcase.to_s
   #   => "LJ"
   #
-  # NOTE: An above example is useful for pre Ruby 2.4. Ruby 2.4 supports Unicode case mappings.
+  # NOTE: Ruby 2.4 and later support native Unicode case mappings:
+  #
+  #   >> "lj".upcase
+  #   => "LJ"
   #
   # == Method chaining
   #
@@ -46,9 +47,9 @@ class String
   #   iso_str.is_utf8?   # => false
   def is_utf8?
     case encoding
-    when Encoding::UTF_8
+    when Encoding::UTF_8, Encoding::US_ASCII
       valid_encoding?
-    when Encoding::ASCII_8BIT, Encoding::US_ASCII
+    when Encoding::ASCII_8BIT
       dup.force_encoding(Encoding::UTF_8).valid_encoding?
     else
       false

data/lib/active_support/core_ext/string/output_safety.rb

@@ -1,7 +1,6 @@
 # frozen_string_literal: true
 
 require "erb"
-require "active_support/core_ext/kernel/singleton_class"
 require "active_support/core_ext/module/redefine_method"
 require "active_support/multibyte/unicode"
 
@@ -12,14 +11,6 @@ class ERB
     HTML_ESCAPE_ONCE_REGEXP = /["><']|&(?!([a-zA-Z]+|(#\d+)|(#[xX][\dA-Fa-f]+));)/
     JSON_ESCAPE_REGEXP = /[\u2028\u2029&><]/u
 
-    # Following XML requirements: https://www.w3.org/TR/REC-xml/#NT-Name
-    TAG_NAME_START_REGEXP_SET = ":A-Z_a-z\u{C0}-\u{D6}\u{D8}-\u{F6}\u{F8}-\u{2FF}\u{370}-\u{37D}\u{37F}-\u{1FFF}" \
-                                "\u{200C}-\u{200D}\u{2070}-\u{218F}\u{2C00}-\u{2FEF}\u{3001}-\u{D7FF}\u{F900}-\u{FDCF}" \
-                                "\u{FDF0}-\u{FFFD}\u{10000}-\u{EFFFF}"
-    TAG_NAME_START_REGEXP = /[^#{TAG_NAME_START_REGEXP_SET}]/
-    TAG_NAME_FOLLOWING_REGEXP = /[^#{TAG_NAME_START_REGEXP_SET}\-.0-9\u{B7}\u{0300}-\u{036F}\u{203F}-\u{2040}]/
-    TAG_NAME_REPLACEMENT_CHAR = "_"
-
     # A utility method for escaping HTML tag characters.
     # This method is also aliased as <tt>h</tt>.
     #
@@ -93,7 +84,7 @@ class ERB
     # use inside HTML attributes.
     #
     # If your JSON is being used downstream for insertion into the DOM, be aware of
-    # whether or not it is being inserted via +html()+. Most jQuery plugins do this.
+    # whether or not it is being inserted via <tt>html()</tt>. Most jQuery plugins do this.
     # If that is the case, be sure to +html_escape+ or +sanitize+ any user-generated
     # content returned by your JSON.
     #
@@ -124,26 +115,6 @@ class ERB
     end
 
     module_function :json_escape
-
-    # A utility method for escaping XML names of tags and names of attributes.
-    #
-    #   xml_name_escape('1 < 2 & 3')
-    #   # => "1___2___3"
-    #
-    # It follows the requirements of the specification: https://www.w3.org/TR/REC-xml/#NT-Name
-    def xml_name_escape(name)
-      name = name.to_s
-      return "" if name.blank?
-
-      starting_char = name[0].gsub(TAG_NAME_START_REGEXP, TAG_NAME_REPLACEMENT_CHAR)
-
-      return starting_char if name.size == 1
-
-      following_chars = name[1..-1].gsub(TAG_NAME_FOLLOWING_REGEXP, TAG_NAME_REPLACEMENT_CHAR)
-
-      starting_char + following_chars
-    end
-    module_function :xml_name_escape
   end
 end
 
@@ -162,10 +133,13 @@ end
 module ActiveSupport #:nodoc:
   class SafeBuffer < String
     UNSAFE_STRING_METHODS = %w(
-      capitalize chomp chop delete downcase gsub lstrip next reverse rstrip
-      slice squeeze strip sub succ swapcase tr tr_s upcase
+      capitalize chomp chop delete delete_prefix delete_suffix
+      downcase lstrip next reverse rstrip scrub slice squeeze strip
+      succ swapcase tr tr_s unicode_normalize upcase
     )
 
+    UNSAFE_STRING_METHODS_WITH_BACKREF = %w(gsub sub)
+
     alias_method :original_concat, :concat
     private :original_concat
 
@@ -177,15 +151,13 @@ module ActiveSupport #:nodoc:
     end
 
     def [](*args)
-      if args.size < 2
-        super
-      elsif html_safe?
-        new_safe_buffer = super
+      if html_safe?
+        new_string = super
 
-        if new_safe_buffer
-          new_safe_buffer.instance_variable_set :@html_safe, true
-        end
+        return unless new_string
 
+        new_safe_buffer = new_string.is_a?(SafeBuffer) ? new_string : SafeBuffer.new(new_string)
+        new_safe_buffer.instance_variable_set :@html_safe, true
         new_safe_buffer
       else
         to_str[*args]
@@ -216,18 +188,41 @@ module ActiveSupport #:nodoc:
     end
     alias << concat
 
+    def insert(index, value)
+      super(index, html_escape_interpolated_argument(value))
+    end
+
     def prepend(value)
       super(html_escape_interpolated_argument(value))
     end
 
+    def replace(value)
+      super(html_escape_interpolated_argument(value))
+    end
+
+    def []=(*args)
+      if args.length == 3
+        super(args[0], args[1], html_escape_interpolated_argument(args[2]))
+      else
+        super(args[0], html_escape_interpolated_argument(args[1]))
+      end
+    end
+
     def +(other)
       dup.concat(other)
     end
 
+    def *(*)
+      new_string = super
+      new_safe_buffer = new_string.is_a?(SafeBuffer) ? new_string : SafeBuffer.new(new_string)
+      new_safe_buffer.instance_variable_set(:@html_safe, @html_safe)
+      new_safe_buffer
+    end
+
     def %(args)
       case args
       when Hash
-        escaped_args = Hash[args.map { |k, arg| [k, html_escape_interpolated_argument(arg)] }]
+        escaped_args = args.transform_values { |arg| html_escape_interpolated_argument(arg) }
       else
         escaped_args = Array(args).map { |arg| html_escape_interpolated_argument(arg) }
       end
@@ -266,11 +261,45 @@ module ActiveSupport #:nodoc:
       end
     end
 
-    private
+    UNSAFE_STRING_METHODS_WITH_BACKREF.each do |unsafe_method|
+      if unsafe_method.respond_to?(unsafe_method)
+        class_eval <<-EOT, __FILE__, __LINE__ + 1
+          def #{unsafe_method}(*args, &block)             # def gsub(*args, &block)
+            if block                                      #   if block
+              to_str.#{unsafe_method}(*args) { |*params|  #     to_str.gsub(*args) { |*params|
+                set_block_back_references(block, $~)      #       set_block_back_references(block, $~)
+                block.call(*params)                       #       block.call(*params)
+              }                                           #     }
+            else                                          #   else
+              to_str.#{unsafe_method}(*args)              #     to_str.gsub(*args)
+            end                                           #   end
+          end                                             # end
+
+          def #{unsafe_method}!(*args, &block)            # def gsub!(*args, &block)
+            @html_safe = false                            #   @html_safe = false
+            if block                                      #   if block
+              super(*args) { |*params|                    #     super(*args) { |*params|
+                set_block_back_references(block, $~)      #       set_block_back_references(block, $~)
+                block.call(*params)                       #       block.call(*params)
+              }                                           #     }
+            else                                          #   else
+              super                                       #     super
+            end                                           #   end
+          end                                             # end
+        EOT
+      end
+    end
 
+    private
       def html_escape_interpolated_argument(arg)
         (!html_safe? || arg.html_safe?) ? arg : CGI.escapeHTML(arg.to_s)
       end
+
+      def set_block_back_references(block, match_data)
+        block.binding.eval("proc { |m| $~ = m }").call(match_data)
+      rescue ArgumentError
+        # Can't create binding from C level Proc
+      end
   end
 end