Add `:escape` option for `truncate`

This options can be used to not escape the result by default.

actionpack/CHANGELOG.md

 ## Rails 4.0.0 (unreleased) ##
 
+*   `truncate` now always returns an escaped HTMl-safe string. The option `:escape` can be used as
+    false to not escape the result.
+
+    *Li Ellis Gallardo + Rafael Mendonça França*
+
 *   `truncate` now accepts a block to show extra content when the text is truncated. *Li Ellis Gallardo*
 
 *   Add `week_field`, `week_field_tag`, `month_field`, `month_field_tag`, `datetime_local_field`,

actionpack/lib/action_view/helpers/text_helper.rb

@@ -64,7 +64,9 @@ def safe_concat(string)
       #
       # Pass a block if you want to show extra content when the text is truncated.
       #
-      # The result is marked as HTML-safe, but the it is escaped first.
+      # The result is marked as HTML-safe, but it is escaped by default, unless <tt>:escape</tt> is
+      # +false+. Care should be taken if +text+ contains HTML tags or entities, because truncation
+      # may produce invalid HTML (such as unbalanced or incomplete tags).
       #
       #   truncate("Once upon a time in a world far far away")
       #   # => "Once upon a time in a world..."
@@ -87,7 +89,8 @@ def truncate(text, options = {}, &block)
         if text
           length  = options.fetch(:length, 30)
 
-          content = ERB::Util.html_escape(text.truncate(length, options))
+          content = text.truncate(length, options)
+          content = options[:escape] == false ? content.html_safe : ERB::Util.html_escape(content)
           content << capture(&block) if block_given? && text.length > length
           content
         end

actionpack/test/template/text_helper_test.rb

@@ -119,6 +119,15 @@ def test_truncate_should_escape_the_input
     assert_equal "Hello &lt;sc...", truncate("Hello <script>code!</script>World!!", :length => 12)
   end
 
+  def test_truncate_should_not_escape_the_input_with_escape_false
+    assert_equal "Hello <sc...", truncate("Hello <script>code!</script>World!!", :length => 12, :escape => false)
+  end
+
+  def test_truncate_with_escape_false_should_be_html_safe
+    truncated = truncate("Hello <script>code!</script>World!!", :length => 12, :escape => false)
+    assert truncated.html_safe?
+  end
+
   def test_truncate_with_block_should_be_html_safe
     truncated = truncate("Here's a long test and I need a continue to read link", :length => 27) { link_to 'Continue', '#' }
     assert truncated.html_safe?
@@ -129,6 +138,16 @@ def test_truncate_with_block_should_escape_the_input
       truncate("<script>code!</script>Here's a long test and I need a continue to read link", :length => 27) { link_to 'Continue', '#' }
   end
 
+  def test_truncate_with_block_should_not_escape_the_input_with_escape_false
+    assert_equal "<script>code!</script>He...<a href=\"#\">Continue</a>",
+      truncate("<script>code!</script>Here's a long test and I need a continue to read link", :length => 27, :escape => false) { link_to 'Continue', '#' }
+  end
+
+  def test_truncate_with_block_with_escape_false_should_be_html_safe
+    truncated = truncate("<script>code!</script>Here's a long test and I need a continue to read link", :length => 27, :escape => false) { link_to 'Continue', '#' }
+    assert truncated.html_safe?
+  end
+
   def test_truncate_with_block_should_escape_the_block
     assert_equal "Here's a long test and I...&lt;script&gt;alert('foo');&lt;/script&gt;",
       truncate("Here's a long test and I need a continue to read link", :length => 27) { "<script>alert('foo');</script>" }