bluerail / twitter-bootstrap-rails-confirm

Confirm dialogs using Twitter Bootstrap
https://bluerail.nl
MIT License
85 stars 34 forks

Attributes are not made html safe #11

Closed mbrookes closed 11 years ago

mbrookes commented 11 years ago

Consider the attribute:

data: { confirm: "Are you sure? The page <strong>#{page.title}</strong> will be permanently deleted." }

For a page.title (which may be user input) of <script>alert('Boo!')</script>, a JavaScript alert is raised.

rvanlieshout commented 11 years ago

I don't think this gem should decide whether it should be made HTML safe or not. If you want to use a safe version of page.title you could use $(page.title).text().
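Added example, not code from the gem or from either commenter: since the maintainer leaves escaping to the caller, the title is HTML-escaped on the Ruby side before it is interpolated into the confirm message from the issue, and a small check confirms that only the intended <strong> markup survives. ERB::Util.html_escape is Ruby's standard library; the function names and the sample title are assumptions made here.

```ruby
require "erb"

# Message wording from the issue, with the untrusted title escaped so the
# data-confirm attribute carries only the <strong> markup we wrote ourselves.
def safe_confirm_message(title)
  escaped = ERB::Util.html_escape(title) # escapes & < > " '
  "Are you sure? The page <strong>#{escaped}</strong> will be permanently deleted."
end

# The interpolation as written in the issue: the title lands in the attribute
# unchanged, so markup in a user-supplied title is rendered by the dialog.
def unsafe_confirm_message(title)
  "Are you sure? The page <strong>#{title}</strong> will be permanently deleted."
end

# Defender's check for a built message: every tag present must be the
# <strong>/</strong> pair we added; anything else means the title leaked markup.
def confirm_message_safe?(message)
  tags = message.scan(%r{</?([a-zA-Z][a-zA-Z0-9]*)[^>]*>}).flatten
  tags.all? { |name| name.casecmp?("strong") }
end

if __FILE__ == $0
  hostile = "<script>alert('Boo!')</script>" # constructed sample title
  puts unsafe_confirm_message(hostile)
  puts safe_confirm_message(hostile)
  puts confirm_message_safe?(safe_confirm_message(hostile)) # true
end
```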