diff --git a/actionpack/lib/action_view/helpers/number_helper.rb b/actionpack/lib/action_view/helpers/number_helper.rb
index 62455b97f9c6cfffe56ea08f25dd45d998a10d35..dfc26acfad32818eab0db4a3adc173cbccb1e56b 100644
--- a/actionpack/lib/action_view/helpers/number_helper.rb
+++ b/actionpack/lib/action_view/helpers/number_helper.rb
@@ -254,7 +254,7 @@ def number_with_delimiter(number, options = {})
parts = number.to_s.to_str.split('.')
parts[0].gsub!(/(\d)(?=(\d\d\d)+(?!\d))/, "\\1#{options[:delimiter]}")
- parts.join(options[:separator]).html_safe
+ safe_join(parts, options[:separator])
end
# Formats a +number+ with the specified level of
diff --git a/actionpack/test/template/number_helper_test.rb b/actionpack/test/template/number_helper_test.rb
index 5c6f23d70bc81cdaaaddc7307ac4181c54ca0d79..14ca6d9879a3d226dcf710adbca126c43b5fc477 100644
--- a/actionpack/test/template/number_helper_test.rb
+++ b/actionpack/test/template/number_helper_test.rb
@@ -78,6 +78,8 @@ def test_number_with_delimiter_with_options_hash
assert_equal '12,345,678-05', number_with_delimiter(12345678.05, :separator => '-')
assert_equal '12.345.678,05', number_with_delimiter(12345678.05, :separator => ',', :delimiter => '.')
assert_equal '12.345.678,05', number_with_delimiter(12345678.05, :delimiter => '.', :separator => ',')
+ assert_equal '1<script></script>01', number_with_delimiter(1.01, :separator => "")
+ assert_equal '1<script></script>000', number_with_delimiter(1000, :delimiter => "")
end
def test_number_with_precision
diff --git a/activesupport/lib/active_support/testing/performance.rb b/activesupport/lib/active_support/testing/performance.rb
index ec6986654e0f15fcf4735d4420b42550f58bcbd1..2bea0f991a8242f56820b6cc7a0da20b24fb55e2 100644
--- a/activesupport/lib/active_support/testing/performance.rb
+++ b/activesupport/lib/active_support/testing/performance.rb
@@ -196,6 +196,7 @@ def self.[](name)
class Base
include ActionView::Helpers::NumberHelper
+ include ActionView::Helpers::OutputSafetyHelper
attr_reader :total