I ran into this problem when working on a rails application in the beta 3 release. I use the ruby-aaws gem to source book information from Amazon's product API. Naturally one of the greatest benefits of using such an API is being able to use product images, or more specifically books covers. The URL values returned from the API for images, and the product page are obviously absolute. Rails 3 came with several security improvements and features. When putting content into pages, the h() method is applied by default. So instead of:
<%=h @post.body %>
You now use:
<%= @post.body %>
That saves some typing for sure, and ensures better security in case in the midst of development we forget to implement the h() call. In the image_tag method, you can still pass your own images such as:
<%= image_tag 'my_image.png' %>
However, I ran into an error message where even though all the amazon image URLs were coming back properly, they errored out as being null instead of a string. It turns out, that the new security feature seems to either dump or ignore the full URL inside the image_tag call. It wouldn't surprise me if this is in the link_to call as well.
For me this, failed:
<%= image_tag 'http://amazon.ca/bookimage' %>
The fix for this is simply:
<= image_tag h('http://amazon.ca/bookimage') %>
This gave me a lot of grief, so I hope this post helps you in your rails development.