Preventing XSS attacks in rails

I have a white_list helper for this:

h() will escape *everything* and sanitize() misses a lot of edge cases.

Hi Rick,

I recently came across a little bug in your plugin. I was eventually
going to file a bug report, but since it was mentioned on the list, I
thought I'd report it here...

The following test fails on the latest svn rev...

   def test_closing_tag_regex_should_be_less_greedy     assert_white_listed %(BEFORE<script>alert(1)</script>
AFTER<b>BOLD!</b>),                         %(BEFORE AFTER<b>BOLD!</b>)    end