I just finished cooking up a version of acts_as_textiled that will
sanitize after the RedCloth operation to guarantee well-formedness and
XSS safety. I chose this approach over input-filtering like
xss_terminate does because I don’t like to munge the user input, and I
didn’t want to have to add an extra column for every textiled field in
my app. The acts_as_textiled semantics prevent careless template
errors, while preserving user input without any DB migrations.
I believe the approach will dovetail nicely with koz’s erubis/taint-
mode work scheduled for Rails 3 and backported to 2-3-stable and I’ll
be looking to integrate them when the time comes.
It’s fully gemified, spec’ed in bacon and released to gemcutter: