Sanitizing HTML in a model?

h() is just "html string".gsub('&', '&amp;').gsub('<', '&lt;').gsub('>',
'&gt;').gsub('"', '&quot;')

Although I would actually stick to using <%=h instead of putting
sanitised data in the database.. What if you change your mind about
sanitising, or want to display data differently based on the type of
user (html for admin, h-ed for everyone else)?