diff --git a/actionpack/lib/action_view/helpers/form_helper.rb b/actionpack/lib/action_view/helpers/form_helper.rb
index c2ad7e9f77e31..238f2eb07a423 100644
--- a/actionpack/lib/action_view/helpers/form_helper.rb
+++ b/actionpack/lib/action_view/helpers/form_helper.rb
@@ -309,7 +309,7 @@ def form_for(record_or_name_or_array, *args, &proc)
 
         options[:html][:remote] = true if options.delete(:remote)
 
-        concat(form_tag(options.delete(:url) || {}, options.delete(:html) || {}))
+        safe_concat(form_tag(options.delete(:url) || {}, options.delete(:html) || {}))
         fields_for(object_name, *(args << options), &proc)
         safe_concat('</form>')
       end
diff --git a/actionpack/lib/action_view/helpers/form_tag_helper.rb b/actionpack/lib/action_view/helpers/form_tag_helper.rb
index ba1b0bcc20e7d..6ed6c3101b9f8 100644
--- a/actionpack/lib/action_view/helpers/form_tag_helper.rb
+++ b/actionpack/lib/action_view/helpers/form_tag_helper.rb
@@ -441,8 +441,8 @@ def image_submit_tag(source, options = {})
       #   # => <fieldset class="format"><p><input id="name" name="name" type="text" /></p></fieldset>
       def field_set_tag(legend = nil, options = nil, &block)
         content = capture(&block)
-        concat(tag(:fieldset, options, true))
-        concat(content_tag(:legend, legend)) unless legend.blank?
+        safe_concat(tag(:fieldset, options, true))
+        safe_concat(content_tag(:legend, legend)) unless legend.blank?
         concat(content)
         safe_concat("</fieldset>")
       end
@@ -477,7 +477,7 @@ def form_tag_html(html_options)
 
         def form_tag_in_block(html_options, &block)
           content = capture(&block)
-          concat(form_tag_html(html_options))
+          safe_concat(form_tag_html(html_options))
           concat(content)
           safe_concat("</form>")
         end
diff --git a/actionpack/lib/action_view/helpers/javascript_helper.rb b/actionpack/lib/action_view/helpers/javascript_helper.rb
index 7dca9849c0482..8fdaa8cf8d301 100644
--- a/actionpack/lib/action_view/helpers/javascript_helper.rb
+++ b/actionpack/lib/action_view/helpers/javascript_helper.rb
@@ -86,7 +86,7 @@ def javascript_tag(content_or_options_with_block = nil, html_options = {}, &bloc
         tag = content_tag(:script, javascript_cdata_section(content), html_options.merge(:type => Mime::JS))
 
         if block_called_from_erb?(block)
-          concat(tag)
+          safe_concat(tag)
         else
           tag
         end
diff --git a/actionpack/lib/action_view/helpers/tag_helper.rb b/actionpack/lib/action_view/helpers/tag_helper.rb
index ed80e07c7862c..a3a8185f40606 100644
--- a/actionpack/lib/action_view/helpers/tag_helper.rb
+++ b/actionpack/lib/action_view/helpers/tag_helper.rb
@@ -72,7 +72,7 @@ def content_tag(name, content_or_options_with_block = nil, options = nil, escape
           content_tag = content_tag_string(name, capture(&block), options, escape)
 
           if block_called_from_erb?(block)
-            concat(content_tag)
+            safe_concat(content_tag)
           else
             content_tag
           end
diff --git a/actionpack/lib/action_view/render/rendering.rb b/actionpack/lib/action_view/render/rendering.rb
index 7c33f1334a4a1..abc7c09991a90 100644
--- a/actionpack/lib/action_view/render/rendering.rb
+++ b/actionpack/lib/action_view/render/rendering.rb
@@ -19,7 +19,7 @@ def render(options = {}, locals = {}, &block) #:nodoc:
         options[:locals] ||= {}
 
         if block_given?
-          return concat(_render_partial(options.merge(:partial => layout), &block))
+          return safe_concat(_render_partial(options.merge(:partial => layout), &block))
         elsif options.key?(:partial)
           return _render_partial(options)
         end