Just found this little plugin, which may be interesting for protecting against cross-site scripting in Ruby on Rails.
xss_terminate is a plugin that makes stripping and sanitizing HTML stupid-simple. Install and forget. And forget about forgetting to h your output, because you won't need to anymore.