seyhunak / twitter-bootstrap-rails

Twitter Bootstrap for Rails 6.0, Rails 5 - Rails 4.x Asset Pipeline
https://github.com/seyhunak/twitter-bootstrap-rails

Turn msg to html safe #824

Closed leompeters closed 9 years ago

leompeters commented 9 years ago

To accept links, buttons and others through messages.

toadkicker commented 9 years ago

In Rails, using the content tag makes it html safe; there's no reason to put this here, afaik. Plus it is returned html safe...

raldred commented 9 years ago

@toadkicker it's not currently possible to include any html in flash messages with the aforementioned helper with Rails 4.1. This is due to the new JSON cookie serialiser. The safe state of the string is lost during serialisation.

The link in this example is not rendered currently: `flash[:error] = "You need to be the leader of a team first <a href='#'>Register a team</a>".html_safe`

[screenshot, 2014-12-13 23:54: flash message with the link shown as literal text]

The proposed patch fixes this and allows the link to be rendered.

[screenshot, 2014-12-13 23:56: flash message with the link rendered]

However, this seems to be a recurring request, which has previously been pulled. Originally implemented in #531; pulled in #717 & #716 as part of an unexplained XSS vulnerability patch.

There are no details as to why the XSS patch was required, nor is there a spec to ensure that whatever it was has been fixed correctly.
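The two points raised in this thread, the safe flag being lost in the JSON cookie serialiser and the XSS risk of re-marking the flash html_safe in the helper, as an added, self-contained example. This is not code from the gem, the PR, or Rails: `SafeString` is a stand-in for `ActiveSupport::SafeBuffer` so the script runs without Rails loaded, `render_flash_unsafe` and `render_flash_safe` are hypothetical helpers (the first mirrors the behaviour the patch proposes, the second escapes every field and carries a link as structured data instead), and the team-name payload is constructed for the demonstration.

```ruby
# Added example, not the gem's or the PR's code. Shows (1) that a string's
# html_safe? status does not survive a JSON cookie round trip and (2) that
# calling html_safe on the restored flash renders user-controlled text as markup.
require 'json'
require 'erb'

# Assumption: minimal stand-in for ActiveSupport::SafeBuffer, a String subclass
# that carries a "trusted markup" flag.
class SafeString < String
  def html_safe?
    true
  end
end

# Escape &, <, >, " and ' so the text is inert inside an HTML element.
def h(text)
  ERB::Util.html_escape(text.to_s)
end

# Simulates the Rails 4.1 cookie store: the flash hash is dumped to JSON and
# re-parsed on the next request. JSON only knows plain strings, so the
# SafeString subclass, and with it html_safe?, is gone afterwards.
def cookie_round_trip(flash)
  JSON.parse(JSON.generate(flash))
end

# Hypothetical helper matching the proposed patch: whatever is in the flash is
# interpolated as markup. Anything user-controlled in the message is rendered.
def render_flash_unsafe(msg)
  "<div class=\"alert\">#{msg}</div>"
end

# Hypothetical hardened helper: plain strings are always escaped; a link is
# passed as structured data and each field is escaped on its own, so a link
# can be rendered without trusting a string that crossed the cookie boundary.
def render_flash_safe(msg)
  return "<div class=\"alert\">#{h(msg)}</div>" unless msg.is_a?(Hash)

  link = " <a href=\"#{h(msg['href'])}\">#{h(msg['link_text'])}</a>"
  "<div class=\"alert\">#{h(msg['text'])}#{link}</div>"
end

# (1) Does html_safe? survive serialisation? With the JSON serialiser it does not.
def safe_flag_survives?
  flash = { 'error' => SafeString.new("Register <a href='/teams/new'>a team</a>") }
  restored = cookie_round_trip(flash)['error']
  restored.respond_to?(:html_safe?) && restored.html_safe?
end

# Constructed sample payload: a team name submitted through a form and
# reflected into the flash message by the controller.
EVIL_TEAM_NAME = '<img src=x onerror=alert(1)>'

# (2a) Patch behaviour: the payload reaches the page as live markup.
def unsafe_output
  flash = { 'error' => "Team #{EVIL_TEAM_NAME} already exists" }
  render_flash_unsafe(cookie_round_trip(flash)['error'])
end

# (2b) Hardened behaviour: the link is rendered, the payload is escaped.
def safe_output_with_link
  flash = { 'error' => { 'text' => "Team #{EVIL_TEAM_NAME} already exists",
                         'link_text' => 'Register a team',
                         'href' => '/teams/new' } }
  render_flash_safe(cookie_round_trip(flash)['error'])
end

if $PROGRAM_NAME == __FILE__
  puts "html_safe? survives cookie round trip: #{safe_flag_survives?}"
  puts "patch behaviour:    #{unsafe_output}"
  puts "hardened behaviour: #{safe_output_with_link}"
end
```

The structured form is one way to get a link into a flash without ever calling `html_safe` in the helper; the alternative, escaping text but building the link with `link_to` in the view, only works when the view knows the link is coming, which the raw-string flash cannot tell it after the round trip.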

toadkicker commented 9 years ago

Ok please add the test to the commit and I'll merge it in:

```ruby
context 'when html is set in the message' do
  before { flash[:notice] = 'success flash <a href="#">Link</a>' }

  it 'should output the html' do
    # Compare ignoring whitespace and case so indentation differences do not matter
    expect(bootstrap_flash.gsub(/\s/, '').downcase)
      .to eql(BASIC_SUCCESS_WITH_HTML.gsub(/\s/, '').downcase)
  end
end

BASIC_SUCCESS_WITH_HTML = <<-HTML
<div class="alert fade in alert-success">
  <button class="close" data-dismiss="alert" type="button">&times;</button>success flash
  <a href="#">Link</a>
</div>
HTML
```

toadkicker commented 9 years ago

I don't have the authorization needed to release a new gem. That's why I forked this and created railsstrap.