With the 2.3.6 release hot out of the oven, Nathan Weizenbaum began updating HAML to support it. He uncovered a couple of bugs in the HTML-safety changes backported from Rails 3, so we’re cutting a 2.3.7 release to fix them.
If you use the rails_xss plugin for automatic HTML escaping, you should upgrade to Rails 2.3.7 and the latest rails_xss plugin.
If you don’t use the rails_xss plugin yet, now’s the time to start. It’s baked in to Rails 3.
Update: fixing compatibility with the rails_xss plugin broke HTML-safety for apps that don’t use rails_xss. We’re sorry, all: HTML-safety is meant to be opt-in! The fix is available now in 2.3.8.pre1 and will be released shortly.