I just finished cooking up a version of acts_as_textiled that will sanitize after the RedCloth operation to guarantee well-formedness and XSS safety. I chose this approach over input-filtering like xss_terminate does because I don't like to munge the user input, and I didn't want to have to add an extra column for every textiled field in my app. The acts_as_textiled semantics prevent careless template errors, while preserving user input without any DB migrations. I believe the approach will dovetail nicely with koz's erubis/taint-mode work scheduled for Rails 3 and backported to 2-3-stable, and I'll be looking to integrate them when the time comes. It's fully gemified, spec'ed in bacon and released to gemcutter: http://github.com/dasil003/acts_as_sanitiled