Preventing XSS attacks in rails

I have a white_list helper for this:
http://svn.techno-weenie.net/projects/plugins/white_list/

h() will escape *everything* and sanitize() misses a lot of edge cases.

Hi Rick,

I recently came across a little bug in your plugin. I was eventually
going to file a bug report, but since it was mentioned on the list, I
thought I'd report it here...

The following test fails on the latest svn rev...

   def test_closing_tag_regex_should_be_less_greedy
    assert_white_listed %(BEFORE<script>alert(1)</script>
AFTER<b>BOLD!</b>),
                        %(BEFORE AFTER<b>BOLD!</b>)
   end

-christos