The bug is that when you concatenate HTML strings in helper methods, Rails will automatically HTML escape the string under certain conditions. There is NO way to tell Rails not to do this. Here is an example that reproduces the problem. Add these two methods to your application helper:
Then simply output the outer_helper method in one of your views:
<%= outer_helper %>
This is the result:
about to call inner_helper method
inside p content taga space should be between the following words: hello worldmore <span style="font-weight:bold;">dirty HTML</span>
inside div content tag
outside of inner_helper method in p tag
This is obviously not what it should be producing. Rails 3 automatically escapes HTML rendered, but you can simply call .html_safe on the output to mark that you don't want it to escape, or call raw(string), from what I've read. But these don't exist in Rails 2.3.8. This bug has been fixed in this commit to the Rails code, which has been included in Rails 2.3.9.
The blog posting at http://breakthebit.org/post/647352254/rails-2-3-8-forced-html-escaping-of-concatenated shows some ways you can get around this, but in my opinion you shouldn't have to work around this. Just stick with 2.3.5, or if you're brave you can try 2.3.9.