Add nuget spec for 0.4.1

Maintenance - Fixes for escaping of apostrophe

The fix consists in adding #? in the negative look-ahead expected to reject
entity references:
  &          // character '&'
  (?!        // not followed by
    #?       //   an optional # (numerical entity), followed by
    \w+      //   a word, followed by
    ;        //   character ';'
  )

instead of
  &          // character '&'
  (?!        // not followed by
    \w+      //   a word, followed by
    ;        //   character ';'
  )

When found in a replacement value, ' should be left untouched, not escaped
as ' which makes the entity visible instead of displaying an apostrophe
in a browser.

As reported by Chad Weider (Thanks!), the apostrophe should not be escaped as
"'" in HTML documents, but using a numeric entity "'" or "&#x27".

Unlike """, "'" has not beed defined in the W3C Recommendation
for HTML 4 [1].

References:

[1] HTML 4.01 Specification
§24.4.1 The list of characters
http://www.w3.org/TR/html4/sgml/entities.html#h-24.3.1

[2] Why shouldn't `'` be used to escape single quotes?
http://stackoverflow.com/questions/2083754
  /why-shouldnt-apos-be-used-to-escape-single-quotes

[3] OWASP - The Open Web Application Security Project
RULE #1 - HTML Escape Before Inserting Untrusted Data into HTML Element Content
"' is not recommended"
https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content

See details of the discussion on Github issue tracker:
https://github.com/janl/mustache.js/pull/166

This reverts commit e20cee5f3e.

Conflicts:

	mustache.js

The installation of gems using the package manager is tweaked for Ubuntu/Debian
and 'rake' is not made available on the path after install using gem. The
install from source leads to a more consistent setup.

0.4.x Maintenance

Issue observed during the development of familywall.com, in some conditions.
For some reason, using ''' instead fixed the issue.

Warning: the tagged version still advertises version "0.4.0".

Issue noticed for the transformation of a template for familywall.com,
using MustacheJS 0.3.0. In the anonymous function(match,type,name,content)
in render_section, the name of the section was incorrectly recognized as:

place}} <dd class="field"> <strong>{{#i18n

within a match where the same string is repeated after a / at the end:

{{#place}} <dd class="field"> <strong>{{#i18n}}event.where_event_form{{/i18n}}</strong> <span class="hide" data-field="placeId">{{placeId}}</span> <span>{{name}}</span> </dd> {{/place}} <dd class="field"> <strong>{{#i18n}}

This is an unlikely bug, due to the use of the greedy operator + instead of
its non-greedy counterpart +?.

Conflicts:

	mustache.js

Uses the work done by @nateware in pull request 92. Thanks!

See http://jsperf.com/string-replace-function

package name is now "xulrunner-2.0". We need this to run our tests
in SpiderMonkey.

Thanks drobbins (see https://github.com/janl/mustache.js/pull/113)

Uses a method similar to jQuery.trim in jQuery 1.7.1.

Condition module.exports to make commonjs version work in browsers and no