
Using html_safe or raw inside safe_join is being flagged #3676

Closed
monfresh opened this issue Oct 25, 2016 · 0 comments

Scenario: Elements inside a safe_join call include raw or html_safe, such as:

safe_join([raw(i18n_text), raw(i18n_mode_additional_markup(key))])

or

safe_join([i18n_text.html_safe, i18n_mode_additional_markup(key).html_safe])

In this case, i18n_text is a string returned by I18n.translate, which may or may not include HTML, and i18n_mode_additional_markup(key) returns the following string:

"<small class=\"i18n-anchor\"><a href=\"#{uri}\" " \
"target=\"_blank\" class=\"ml-tiny no-hover-decoration\">🔗</a></small>"

I also tried the content_tag version:

content_tag(:small, class: 'i18n-anchor') do
  content_tag(:a, href: uri, target: '_blank', class: 'ml-tiny no-hover-decoration') do
    '🔗'
  end
end

Expected behavior

Given that the Rails documentation for safe_join shows examples with raw, I would expect that would be accepted.

Actual behavior

RuboCop flags this as an offense:

Tagging a string as html safe may be a security risk, prefer safe_join or other Rails tag helpers instead.
      safe_join([raw(i18n_text), raw(i18n_mode_additional_markup(key))])

Steps to reproduce the problem

Call .html_safe and/or raw inside a safe_join call.

RuboCop version

Include the output of rubocop -V. Here's an example:

$ rubocop -V
0.44.1 (using Parser 2.3.1.4, running on ruby 2.3.1 x86_64-darwin14)
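As an added illustration (not code from the issue or from RuboCop), here is a minimal model of html_safe, raw and safe_join that shows what the cop is warning about: wrapping a translation that "may or may not include HTML" in raw switches off the escaping safe_join would otherwise apply, while marking only the application's own anchor markup as safe keeps it. HtmlSafeString, the helper definitions and the sample strings are constructed for this example; Rails itself implements this with ActiveSupport::SafeBuffer, and the content_tag variant is not modelled.

```ruby
# Constructed model of Rails' html_safe / raw / safe_join semantics,
# so the behaviour can be observed without loading ActionView.
require 'cgi'

# A string that has been declared safe: safe_join will not escape it.
class HtmlSafeString < String
  def html_safe?
    true
  end
end

class String
  def html_safe?
    false
  end

  # Declaring a string safe is a promise that it contains no untrusted markup.
  def html_safe
    HtmlSafeString.new(self)
  end
end

def raw(str)
  str.to_s.html_safe
end

# Escape every part not already marked safe, join, and return a safe result.
def safe_join(parts, sep = '')
  escaped = parts.map { |p| p.html_safe? ? p : CGI.escapeHTML(p.to_s) }
  HtmlSafeString.new(escaped.join(CGI.escapeHTML(sep.to_s)))
end

# Constructed sample: a translation that arrived with unexpected markup.
UNTRUSTED_I18N_TEXT = 'Hello <script>alert(1)</script>'.freeze
# Constructed sample of the anchor markup the issue builds in Ruby.
ANCHOR_MARKUP = '<small class="i18n-anchor"><a href="#greeting">🔗</a></small>'.freeze

# Mirrors the flagged call: raw() disables escaping for both parts,
# so whatever the translation contains reaches the page verbatim.
def flagged_version
  safe_join([raw(UNTRUSTED_I18N_TEXT), raw(ANCHOR_MARKUP)])
end

# Only the markup the application built itself is marked safe;
# the translation is escaped by safe_join.
def escaped_version
  safe_join([UNTRUSTED_I18N_TEXT, ANCHOR_MARKUP.html_safe])
end
```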