1. 08 Mar, 2010 5 commits
  2. 04 Mar, 2010 2 commits
  3. 02 Mar, 2010 1 commit
  4. 25 Feb, 2010 1 commit
  5. 22 Feb, 2010 1 commit
  6. 01 Feb, 2010 2 commits
    • J
      Convert to class_attribute · e5ab4b0d
      Jeremy Kemper committed
    • Y
      For performance reasons, you can no longer call html_safe! on Strings.... · 4cbb9db0
      Yehuda Katz committed
      For performance reasons, you can no longer call html_safe! on Strings. Instead, all Strings are always not html_safe?. Instead, you can get a SafeBuffer from a String by calling #html_safe, which will return SafeBuffer.new(self).
      
        * Additionally, instead of doing concat("</form>".html_safe), you can do
          safe_concat("</form>"), which will skip both the flag set, and the flag
          check.
        * For the first pass, I converted virtually all #html_safe!s to #html_safe,
          and the tests pass. A further optimization would be to try to use
          #safe_concat as much as possible, reducing the performance impact if
          we know up front that a String is safe.
  7. 31 Jan, 2010 1 commit
  8. 27 Jan, 2010 1 commit
  9. 23 Jan, 2010 1 commit
  10. 03 Jan, 2010 2 commits
  11. 01 Jan, 2010 1 commit
  12. 03 Dec, 2009 1 commit
    • C
      Reorganize autoloads: · c1304098
      Carlhuda committed
        * A new module (ActiveSupport::Autoload) is provided that extends
          autoloading with new behavior.
        * All autoloads in modules that have extended ActiveSupport::Autoload
          will be eagerly required in threadsafe environments
        * Autoloads can optionally leave off the path if the path is the same
          as full_constant_name.underscore
        * It is possible to specify that a group of autoloads live under an
          additional path. For instance, all of ActionDispatch's middlewares
          are ActionDispatch::MiddlewareName, but they live under 
          "action_dispatch/middlewares/middleware_name"
        * It is possible to specify that a group of autoloads are all found
          at the same path. For instance, a number of exceptions might all
          be declared there.
        * One consequence of this is that testing-related constants are not
          autoloaded. To get the testing helpers for a given component,
          require "component_name/test_case". For instance, "action_controller/test_case".
        * test_help.rb, which is automatically required by a Rails application's
          test helper, requires the test_case.rb for all active components, so
          this change will not be disruptive in existing or new applications.
  13. 01 Nov, 2009 1 commit
  14. 16 Oct, 2009 2 commits
  15. 15 Oct, 2009 2 commits
  16. 09 Oct, 2009 2 commits
  17. 08 Oct, 2009 1 commit
    • M
      Switch to on-by-default XSS escaping for rails. · 94159359
      Michael Koziarski committed
        This consists of:
      
        * String#html_safe! a method to mark a string as 'safe'
        * ActionView::SafeBuffer a string subclass which escapes anything unsafe which is concatenated to it
        * Calls to String#html_safe! throughout the rails helpers
        * a 'raw' helper which lets you concatenate trusted HTML from non-safety-aware sources (e.g. presanitized strings in the DB)
        * New ERB implementation based on erubis which uses a SafeBuffer instead of a String
      
      Hat tip to Django for the inspiration.
  18. 07 Oct, 2009 2 commits
  19. 16 Aug, 2009 2 commits
    • Y
      Got tests to pass with some more changes. · 1310231c
      Yehuda Katz committed
        * request.formats is much simpler now
          * For XHRs or Accept headers with a single item, we use the Accept header
          * For other requests, we use params[:format] or fallback to HTML
          * This is primarily to work around the fact that browsers provide completely
            broken Accept headers, so we have to whitelist the few cases we can
            specifically isolate and treat other requests as coming from the browser
          * For APIs, we can support single-item Accept headers, which disambiguates
            from the browsers
        * Requests to an action that only has an XML template from the browser will
          no longer find the template. This worked previously because most browsers
          provide a catch-all */*, but this was mostly accidental behavior. If you
          want to serve XML, either use the :xml format in links, or explicitly
          specify the XML template: render "template.xml".
    • Y
      Clean up ActionView some: · 27adcd1c
      Yehuda Katz committed
        * Call _evaluate_assigns_and_ivars at the two entry points so we don't have to
          do a check at every render.
        * Make template.render viable without having to go through a wrapper method
        * Remove old TemplateHandler#render(template, local_assigns) path so we don't have
          to set self.template every time we render a template.
        * Move Template rescuing code to Template#render so it gets caught every time.
        * Pull in some tests from Pratik that test render @object in ActionView
  20. 09 Aug, 2009 3 commits
    • Y
      Experimental: Improve performance of ActionView by preventing method cache... · e58b2769
      Yehuda Katz committed
      Experimental: Improve performance of ActionView by preventing method cache flushing due to runtime Kernel#extend:
      
        * The helper module adds a new _helper_serial property onto AbstractController subclasses
        * When #helper is used to add helpers to a class, the serial number is updated
        * An ActionView subclass is created and cached based on this serial number.
          * That subclass includes the helper module from the controller
          * Subsequent requests using the same controller with the same serial will result in
            reusing that subclass, rather than being forced to take an action (like include
            or extend) that will result in a global method cache flush on MRI and a flush 
            of the entire AV class' cache on JRuby.
        * For now, this optimization is not applied to the RJS helpers, which results in
          a global method cache flush in MRI and a flush of the JavaScriptGenerator class in
          JRuby only when using RJS.
          * Since the effects are limited to using RJS, and would only affect JavaScriptGenerator
            in JRuby (as opposed to the entire view object), it seems worthwhile to apply this
            now.
        * This resulted in a significant performance improvement. I will have benchmarks
          in the next day or two that show the performance impact of the last several
          commits.
        * There is a small chance this could break existing code (although I'm not sure how).
          If that happens, please report it immediately.
    • Y
      Cache controller_path on the AV instance to avoid needing to make additional... · 10eaba8f
      Yehuda Katz committed
      Cache controller_path on the AV instance to avoid needing to make additional calls back into the controller for each attempt (this was done because these calls were adding up significantly in partial rendering and showing up on profiles)
    • Y
      Rendering a template from ActionView will default to looking for partials only... · 964bc4e8
      Yehuda Katz committed
      Rendering a template from ActionView will default to looking for partials only in the current mime type.
      
        * The old behavior was tested only as a side-effect of a different test--the original tests remain;
          a new template in the XML mime was added.
        * If you are relying on the current behavior and object to this change, please participate in
          http://groups.google.com/group/rubyonrails-core/browse_thread/thread/6ef25f3c108389bd
  21. 08 Aug, 2009 1 commit
  22. 19 Jul, 2009 2 commits
  23. 19 Jun, 2009 1 commit
  24. 18 Jun, 2009 2 commits