content_tag_string shouldn't escape_html if escape param is false

actionpack/lib/action_view/helpers/tag_helper.rb

@@ -110,7 +110,7 @@ def escape_once(html)
 
         def content_tag_string(name, content, options, escape = true)
           tag_options = tag_options(options, escape) if options
-          "<#{name}#{tag_options}>#{ERB::Util.h(content)}</#{name}>".html_safe
+          "<#{name}#{tag_options}>#{escape ? ERB::Util.h(content) : content}</#{name}>".html_safe
         end
 
         def tag_options(options, escape = true)

actionpack/test/template/tag_helper_test.rb

@@ -39,6 +39,8 @@ def test_content_tag
                  content_tag("a", "Create", :href => "create")
     assert_equal "<p>&lt;script&gt;evil_js&lt;/script&gt;</p>",
                  content_tag(:p, '<script>evil_js</script>')
+    assert_equal "<p><script>evil_js</script></p>",
+                 content_tag(:p, '<script>evil_js</script>', nil, false)
   end
 
   def test_content_tag_with_block_in_erb