RedCloth and sanitizing input

Hi mates,

I've hit a problem and hope for some advices.

I am developing a blog for my family and I want to provide the opportuniy that everyone may format his blog posts. After some research I found RedCloth. It seems that it does exactly what I want, but for output i need to use the raw helper.

<%= raw RedCloth.new(post.content) %>

But this also allows them to use HTML in their posts. What is the best practice to prevent the usage of HTML and sanitize the content in this case? Is there any plugin for achiving this?

I'd be thankful for any help.

Kind regards,

Jan

I’ve used this before and found it to be flexible enough. It includes a number of out-of-box configurations to enable removal of all or just some tags or allows you to create your own.

https://github.com/rgrove/sanitize/

Hi Chris,