FIX: attempt to run html_safe on script if available

FIX: attempt to run html_safe on script if available

ActiveSupport SafeBuffer now html escapes on insert in Rails 6. This will work around the issue by marking our injected script as safe.

See also: Handle more unsafe String methods by janosch-x · Pull Request #33990 · rails/rails · GitHub

diff --git a/lib/mini_profiler/profiler.rb b/lib/mini_profiler/profiler.rb
index b265d99..fb481a9 100644
--- a/lib/mini_profiler/profiler.rb
+++ b/lib/mini_profiler/profiler.rb
@@ -397,7 +397,13 @@ module Rack
         if script.respond_to?(:encoding) && script.respond_to?(:force_encoding)
           script = script.force_encoding(fragment.encoding)
         end
-        fragment.insert(index, script)
+
+        safe_script = script
+        if script.respond_to?(:html_safe)
+          safe_script = script.html_safe
+        end
+
+        fragment.insert(index, safe_script)
       else
         fragment
       end

GitHub sha: f8042fc4