module EscapeUtils

Default String class to return from HTML escaping

def self.html_safe_string_class
  @html_safe_string_class
end

This is because quotes around HTML attributes are optional in most/all modern browsers at the time of writing (10/15/2010)
Escaping '/' is recommended by the OWASP - http://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content
turn on/off the escaping of the '/' character during HTML escaping

def self.html_secure
  @html_secure
end