
Implementing sanitize simple_format in rails 2.3.8

I have created an application that allows for users to input lots of different data (posts, comments, etc.). The simple_format is good for me for now; I just want to protect against crazy stuff. I haven't used sanitize before and after reading some guides I am still a little confused on how to implement. Hoping I can get some direction here.

Let's say I am collecting @post.body. How do I remove any <div> tags or <script> tags that might be entered by the user? I am assuming that in the view it would look something like this:

<%= sanitize(simple_format(@post.body)) %>

...but where do I define what tags aren't allowed? In the Post model or in a sanitize_helper? What is the correct syntax here?


Here's the documentation link for the sanitize method in Rails 2.3.8. With that in mind you'll be able to define allowed tags in this way:

<%= sanitize(simple_format(@post.body), :tags => %w(p span strong)) %>

Note that you can define them also inside the Rails Initializer:

  Rails::Initializer.run do |config|
    config.action_view.sanitized_allowed_tags = 'table', 'tr', 'td'
  end 

I hope you find this helpful!

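Added example, not code from the original question, the answer, or Rails itself: a small Ruby stand-in that reproduces the behaviour the answer relies on, so it can be run without a Rails install. The simple_format copy follows what Rails 2.3.8's helper does (wrap in <p>, <br /> on single newlines, a new <p> on blank lines). The names toy_sanitize, safe_attrs, ALLOWED_ATTRS, ALLOWED_PROTOCOLS and BAD_TAGS are assumptions made for this illustration, and the regex tokenizer is only adequate for the inputs exercised below; in an application use the real sanitize helper, which is built on Rails' own HTML tokenizer. The last two calls show the caveat with the :tags => %w(p span strong) form: sanitize runs after simple_format, so the <br /> tags simple_format inserts are stripped unless br is in the whitelist. (Rails 2.3's default sanitized_allowed_tags list contains p and br, but also div and span, so a user-supplied <div> survives the default configuration; pass :tags explicitly if div must go.)

```ruby
require 'set'

# Illustration only (not the Rails implementation): the whitelist logic
# behind Rails 2.3.8's sanitize(html, :tags => ...). Rails parses with
# HTML::Tokenizer; this toy uses a regex tokenizer and covers only the
# cases exercised below. Use the real helper in an application.

# Assumed attribute and URL-scheme whitelists for the example.
ALLOWED_ATTRS     = Set.new(%w[class href title])
ALLOWED_PROTOCOLS = Set.new(%w[http https mailto])
# Rails drops the *text* inside these tags, not just the tag itself.
BAD_TAGS          = Set.new(%w[script])

# Copy of Rails 2.3.8 simple_format so the example runs offline:
# new <p> on blank lines, <br /> on single newlines, wrapped in <p>.
def simple_format(text)
  t = text.to_s.gsub(/\r\n?/, "\n")
  t.gsub!(/\n\n+/, "</p>\n\n<p>")
  t.gsub!(/([^\n]\n)(?=[^\n])/, '\1<br />')
  "<p>#{t}</p>"
end

ATTR_RE = /([a-zA-Z][\w:-]*)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/

# Keep only whitelisted attributes; for href/src also reject URL schemes
# outside ALLOWED_PROTOCOLS (e.g. javascript:), as Rails' sanitizer does.
def safe_attrs(attr_str)
  attr_str.scan(ATTR_RE).map do |name, dq, sq, bare|
    value = dq || sq || bare
    name  = name.downcase
    next unless ALLOWED_ATTRS.include?(name)
    if %w[href src].include?(name)
      scheme = value[/\A\s*([a-z][a-z0-9+.\-]*):/i, 1]
      next if scheme && !ALLOWED_PROTOCOLS.include?(scheme.downcase)
    end
    %( #{name}="#{value.gsub('"', '&quot;')}")
  end.compact.join
end

# Whitelist sanitizer: disallowed tags are removed but their text is kept,
# except inside BAD_TAGS; a stray '<' in text is escaped to &lt;.
def toy_sanitize(html, allowed_tags)
  allowed = Set.new(allowed_tags.map(&:downcase))
  parents = []   # open-element stack, innermost first
  out = ''
  html.scan(%r{</?[a-zA-Z][^>]*>|[^<]+|<}) do |tok|
    if (m = tok.match(%r{\A<(/?)([a-zA-Z][a-zA-Z0-9]*)(.*?)(/?)>\z}m))
      closing   = m[1] == '/'
      name      = m[2].downcase
      selfclose = m[4] == '/'
      if closing
        parents.shift
      elsif !selfclose
        parents.unshift(name)
      end
      next unless allowed.include?(name)   # drop the tag, keep its content
      out << if closing
               "</#{name}>"
             else
               "<#{name}#{safe_attrs(m[3])}#{selfclose ? ' /' : ''}>"
             end
    else
      next if BAD_TAGS.include?(parents.first)  # text inside <script> is dropped
      out << tok.gsub('<', '&lt;')
    end
  end
  out
end

if __FILE__ == $0
  body = "<script>alert(1)</script><div class=\"x\">line one\nline two</div>"
  puts toy_sanitize(simple_format(body), %w[p span strong])     # no <br />
  puts toy_sanitize(simple_format(body), %w[p br span strong])  # keeps <br />
end
```

Usage follows the answer's view line: the whitelist is the :tags argument, and anything not in it is removed while its text survives, so "remove <div>" really means "leave div out of the list".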
