Port a Brakeman update to content_tag for Rails 6 #1552

Merged (1 commit), Dec 9, 2024

Conversation

Greg-Myers-SB (Contributor) commented Nov 29, 2024

In PR: presidentbeef/brakeman#1778
It was pointed out that content_tag's attributes will no longer output unescaped html in the first attribute, which I understand to be the cause of this warning in this guide. Content_tag therefore should no longer be warned against since Rails 6.1.7.3 unless I have misunderstood the underlying complaint.

Edit: Also worth mentioning at the current time, Rails 6.1.7.3 is out of support so it, and older versions, should no longer be in use. Only Rails 7.0 and above are still within their EOL.

```ruby
content_tag("/><script>alert('hack!');</script>") # XSS example
# produces: </><script>alert('hack!');</script>><//><script>alert('hack!');</script>>
```
Greg-Myers-SB (Contributor, Author) commented on this line, Nov 29, 2024

On Rails 8.0:

```
$ rails c
class MyClass
  include ActionView::Helpers::TagHelper
end
=> MyClass
foo = MyClass.new
=> #<MyClass:0x000000012ec9caa0>
foo.content_tag("/><script>alert('hack!');</script>")
=> "<___script_alert__hack______script_></___script_alert__hack______script_>"
```
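The escaping that the console session above demonstrates, re-created in plain Ruby as an added example (not the cheat sheet's code and not Rails' own implementation) so it runs without Rails installed. Rails performs this step in `ERB::Util.xml_name_escape` (ActiveSupport); the ASCII-only character classes below are a simplified assumption, not Rails' full Unicode XML-name classes.

```ruby
# Added example, not Rails' own code: a pure-Ruby re-creation of the tag-name
# escaping shown in the Rails 8.0 console session. The character classes are
# a simplified ASCII-only approximation of the XML Name production (assumption).
TAG_NAME_START = /[^A-Za-z_:]/           # first char: letter, "_" or ":"
TAG_NAME_FOLLOWING = /[^A-Za-z0-9_:\-.]/ # rest: letters, digits, "_", ":", "-", "."
REPLACEMENT = "_"

# Replace every character that is not valid in an XML/HTML tag name with "_",
# so a caller-controlled name can never close the tag or open a new element.
def escape_tag_name(name)
  name = name.to_s
  return "" if name.empty?
  head = name[0].gsub(TAG_NAME_START, REPLACEMENT)
  tail = name[1..].gsub(TAG_NAME_FOLLOWING, REPLACEMENT)
  head + tail
end

# Minimal stand-in for content_tag's string assembly (hypothetical helper).
# escape_name: false reproduces the pre-6.1.7.3 output quoted in the cheat
# sheet; the default reproduces what the console session shows on Rails 8.0.
def content_tag_string(name, content = nil, escape_name: true)
  name = escape_tag_name(name) if escape_name
  "<#{name}>#{content}</#{name}>"
end

if __FILE__ == $0
  payload = "/><script>alert('hack!');</script>" # the cheat sheet's own input
  puts content_tag_string(payload, escape_name: false) # old: markup breaks out
  puts content_tag_string(payload)                     # new: one inert tag
end
```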

@mackowski mackowski merged commit fd1d04f into OWASP:master Dec 9, 2024
3 checks passed
@Greg-Myers-SB Greg-Myers-SB deleted the patch-1 branch December 9, 2024 16:40