Ensure simple_format escapes its html attributes

The previous behavior equated the sanitize option for simple_format with the
escape option of content_tag, however these are two distinct concepts.

This fixes CVE-2013-6416

actionpack/lib/action_view/helpers/text_helper.rb

@@ -266,7 +266,7 @@ def simple_format(text, html_options = {}, options = {})
           content_tag(wrapper_tag, nil, html_options)
         else
           paragraphs.map { |paragraph|
-            content_tag(wrapper_tag, paragraph, html_options, options[:sanitize])
+            content_tag(wrapper_tag, raw(paragraph), html_options)
           }.join("\n\n").html_safe
         end
       end