I noticed a difference between 2 very similar method implementations:
The commits 871b87a, 8db51ee created this difference. But at 2007 html safe buffers didn't exist at all. Stylesheet link implementation with manual escaping of path traveled from one file to another. Now it's dangerous, because it's possible to pass unsafe options as in the test in my commit.
escape options for the stylesheet_link_tag method