I am writing an app where a lot of heavy duty calculations are performed in the browser to generate and format some content. The resulting content is HTML that I would like to save on the server (structure, links, results of calculations, etc). It does not have any JavaScript or CSS (in style tags).
Is there a Rails method or plugin I can use in a model's before_save or after_initialize method to strip JavaScript/CSS from the content and safely send it back to the browser (via JSON, FYI) while preventing XSS attacks, given the simple structure of the content?
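As an added illustration (not part of the question, and not Rails' own code): the policy that answers this is an allowlist, not a blocklist. Parse the fragment, keep only named elements and attributes, drop script and style with their contents, unwrap anything else, check href against a short list of URL schemes, and re-serialize from the parsed tree so nothing that was not explicitly allowed can survive. In a Rails app that is exactly what Rails::Html::SafeListSanitizer (the backend of the sanitize view helper, from the rails-html-sanitizer gem) does on top of a real HTML parser, and it is the right tool there. The version below uses only the Ruby standard library so it runs anywhere: it parses with REXML, which means the fragment must be well-formed XHTML (closed tags, <br/> rather than <br>); since the content is generated by the app's own browser code that is an acceptable constraint, and anything that fails to parse is rejected rather than guessed at. The module name, the allowlist contents and the before_save hook shown in the comment are assumptions, not something from the question.

```ruby
require 'rexml/document'
require 'erb'
require 'uri'

# Hypothetical allowlist sanitizer for app-generated HTML fragments
# (added example; Rails apps would normally use Rails::Html::SafeListSanitizer).
module HtmlFragmentSanitizer
  # Elements allowed to survive, each with the attributes it may keep.
  # Everything else, including every on* handler, is dropped by omission.
  ALLOWED = {
    'p' => [], 'div' => [], 'span' => [], 'br' => [], 'strong' => [], 'em' => [],
    'b' => [], 'i' => [], 'h1' => [], 'h2' => [], 'h3' => [],
    'ul' => [], 'ol' => [], 'li' => [],
    'table' => [], 'thead' => [], 'tbody' => [], 'tr' => [], 'th' => [], 'td' => [],
    'a' => ['href']
  }.freeze
  # Elements whose contents are removed along with the tag.
  DROP_WITH_CONTENT = %w[script style].freeze
  # Elements serialized without a closing tag.
  VOID = %w[br].freeze
  # Schemes an href may use; relative URLs (no scheme) are also allowed.
  SAFE_SCHEMES = %w[http https mailto].freeze

  module_function

  # Returns a cleaned fragment, or '' if the input is not well-formed.
  def sanitize(html)
    doc = REXML::Document.new("<root>#{html}</root>")
    out = +''
    emit_children(doc.root, out)
    out
  rescue REXML::ParseException
    ''
  end

  def emit_children(node, out)
    node.each do |child|
      case child
      when REXML::Text
        # value is entity-decoded; re-escape so text can never become markup
        out << ERB::Util.html_escape(child.value)
      when REXML::Element
        emit_element(child, out)
      end
      # comments, processing instructions etc. are silently dropped
    end
  end

  def emit_element(el, out)
    name = el.name.downcase
    return if DROP_WITH_CONTENT.include?(name)
    unless ALLOWED.key?(name)
      emit_children(el, out) # unknown tag: keep its text, lose the tag
      return
    end
    attrs = +''
    ALLOWED[name].each do |attr_name|
      value = el.attributes[attr_name] # entity-decoded attribute value
      next if value.nil?
      next if attr_name == 'href' && !safe_url?(value)
      attrs << " #{attr_name}=\"#{ERB::Util.html_escape(value)}\""
    end
    if VOID.include?(name)
      out << "<#{name}#{attrs}/>"
    else
      out << "<#{name}#{attrs}>"
      emit_children(el, out)
      out << "</#{name}>"
    end
  end

  # Rejects javascript:, data: and anything URI.parse refuses (control chars etc.).
  def safe_url?(value)
    uri = URI.parse(value.strip)
    uri.scheme.nil? || SAFE_SCHEMES.include?(uri.scheme.downcase)
  rescue URI::InvalidURIError
    false
  end
end

# Assumed ActiveRecord usage (ActiveRecord is not loaded in this example):
#   class Report < ApplicationRecord
#     before_save { self.content = HtmlFragmentSanitizer.sanitize(content) }
#   end

if $PROGRAM_NAME == __FILE__
  # Constructed sample input mixing legitimate content with things to strip.
  sample = <<~HTML
    <h2>Portfolio summary</h2>
    <p>Total return: <strong>12.4%</strong> &amp; counting</p>
    <a href="/reports/42">Full report</a>
    <a href="javascript:alert(1)" onclick="alert(1)">Click me</a>
    <script>alert(1)</script><style>body { display: none }</style>
    <p onmouseover="alert(1)">Result line<br/></p>
  HTML
  puts HtmlFragmentSanitizer.sanitize(sample)
end
```

Because the output is rebuilt from the tree, it is also safe to hand straight back to the browser in a JSON response: the client can insert it as HTML without re-sanitizing, and storing the cleaned form means the check is not skipped by a later code path that forgets to call it.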