Rails has always had ways to sanitize the display of data, and since 2.x
there is even white-listing included. However, I think most of the time
it gets the wrong end of things when user-provided data is sanitized on
display. The unsanitary parts shouldn't have been allowed in from the
The right point, in my opinion, is in (or before) a controller's #create
and #update actions; not in the model, as I might want to allow the
backend to insert data that a user couldn't.
Before I whip up my own solution, I've looked for plugins doing this,
but didn't find any. Is there already relevant code floating around?