Preventing XSS attacks in rails

I have a white_list helper for this: http://svn.techno-weenie.net/projects/plugins/white_list/

h() will escape *everything* and sanitize() misses a lot of edge cases.

Hi Rick,

I recently came across a little bug in your plugin. I was eventually
going to file a bug report, but since it was mentioned on the list, I
thought I'd report it here...

The following test fails on the latest svn rev...

   def test_closing_tag_regex_should_be_less_greedy
     assert_white_listed %(BEFORE<script>alert(1)</script>
AFTER<b>BOLD!</b>),
                         %(BEFORE AFTER<b>BOLD!</b>)
   end

-christos
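The over-stripping that christos's test catches, shown as an added illustration that is not the white_list plugin's own code: a closing-tag pattern whose `.*` is greedy runs to the last `>` in the input, so the markup after a disallowed element is thrown away along with it. The tag patterns and the ALLOWED_TAGS list are assumptions made for this example.

```ruby
# Added illustration of the "closing tag regex too greedy" bug class.
# Not the white_list plugin's code; patterns and tag list are assumed.

ALLOWED_TAGS = %w[b i em strong p].freeze

# Remove every element whose tag is not in ALLOWED_TAGS, content included.
# greedy: true  -> closing tag is "</tag.*>"   (".*" eats up to the LAST ">")
# greedy: false -> closing tag is "</tag[^>]*>" (a tag can never contain ">")
def strip_disallowed(html, greedy:)
  close = greedy ? '.*>' : '[^>]*>'
  element = %r{<(\w+)[^>]*>(.*?)</\1#{close}}m
  html.gsub(element) do
    whole, tag = Regexp.last_match(0), Regexp.last_match(1)
    ALLOWED_TAGS.include?(tag.downcase) ? whole : ''
  end
end

if __FILE__ == $0
  # Constructed input: same shape as the failing test case in the thread.
  input = 'BEFORE<script>alert(1)</script> AFTER<b>BOLD!</b>'
  puts strip_disallowed(input, greedy: true)   # BEFORE            (bold text lost)
  puts strip_disallowed(input, greedy: false)  # BEFORE AFTER<b>BOLD!</b>
end
```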