How to "sanitize" a link?

Hi, i wan't to permit users to send their own content, text, html, and
stuff like that. It should also be permit them to send their own design,
using div, span, internal style attributes and so on. Obviously i'd like
to protect everything forbidding javascript, but permitting object and
embedded (for youtube, gvideo, etc).
From a previous post the suggestion was wonko/sanitize:
http://www.ruby-forum.com/topic/186697
But i've not found time to try it yet.
Btw, my question now is another, how can i remove external links, but
keeping the text link and internal links?
I mean, if a user insert "<a href="http://externaldomain.com">my
site</a>" it should be sanitized to just "my site", instead if he insert
"<a href="http://domain.com">read this page</a>" it should keep it as it
is (domain.com is "whitelisted"). And it also should remove others like
mailto:, ftp:, etc (just keep http and https)
Any hint about this ? (considering the first lines about styles, and
which sanitezer to use)
thank you

Take a look at: http://guides.rubyonrails.org/security.html

and then look at what you're trying to provide.

Is it really worth the risk?

A compromise might be http://redcloth.org/ a Textile to Ruby module

even without Sanitizer, this seems fairly trivial:

irb(main):017:0> links = "<a href='http://FACE.com'>click here for
your FACE</a><br /><a href='http://whitelisted.com'>this domain is
allowed</a>"
irb(main):018:0> allowed = "http://whitelisted.com"
irb(main):019:0> doc = Hpricot links
irb(main):020:0> (doc/"//a").each { |tag| tag.swap(tag.inner_text)
unless tag[:href] == allowed }
href="http://whitelisted.com"> "this domain is allowed" </a>}]>
irb(main):021:0> doc.to_s
=> "click here for your FACE<br /><a href=\"http://whitelisted.com
\">this domain is allowed</a>"