Single quotes have been added to the HTML_ESCAPE hash in output_safety.rb, but they are currently being replaced with their hex code equivalent (& #x27;), which Chrome/Safari will display as-is in the form field. If they are replaced with the decimal equiv (& #39;) instead, the browser will properly display a single quote in their place, as is already done with other escaped characters (& gt;, & amp;, etc.).
I've submitted a pull request with the tweak here: #9144
Fix the tests related with single quotes being escaped