I'm a maintainer of an open-source Rails application (OpenStreetMap) and I recently found out about the "raw ERB" syntax, i.e. using <%== instead of <%=. For example:
<%= "<hr />" %>
<%== "<hr />" %>
The first is escaped, but the second one outputs raw HTML. This has security implications for situations like:
<%= user.name %>
<%== user.name %>
Now hopefully any accidental usage of <%== will be caught during code review, but our reviewers are fallible (particularly during large refactoring diffs) and a lot of our code contributors aren't ERB experts either, so mistakes might happen!
I'd like to write a custom linter to catch these, and ideally for it to be available here upstream too. But I have no idea how to write it! I'd also welcome any guidance on whether it should be written as a standalone linter here, or as part of the "better-html" erb safety codebase, to help with any eventual pull request.
If anyone would like to help write this linter for me, I'd be very grateful!