
Rails - Outputting content, sanitize or <%=h?

I recently made a small rails3 app to convert an old cms written in another language. After migrating the content I am having problems outputting content from the database.

The @content.desc field sometimes has html. Currently the only way I could get it to work was:

<%= sanitize @content.desc %>

But is this the best way? When I use <%=h @content.desc %> I can see the html tags still. When I use <%= simple_format @content.desc %> I get wicked spacing.

Is there a definitive guide somewhere where I can see all of the options while outputting content? I've tried to search but can't turn anything up (rails newb, I know).


Any string not marked as "safe" will be HTML-escaped by default in Rails 3. Some methods, such as sanitize, h, link_to and many other helpers return safe strings, thus allowing them to be written literally. See this blog post for more info.

If you know for sure that the HTML contained in @content.desc is safe, you can mark it as such yourself like so: <%= @content.desc.html_safe %>.
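An added example, written for this page and not taken from the question or any of the answers: a small stand-alone Ruby model of the Rails 3 escape-by-default behaviour described above, so the three options from the question (h, sanitize, html_safe) can be compared side by side. SafeBuffer, html_escape, h, sanitize and render here are simplified stand-ins for this illustration (the real ones live in ActiveSupport and ActionView; Rails' sanitize uses a proper HTML parser, whereas this one is an allowlist regex that also drops every attribute), and DESC is a constructed sample of a migrated content field that carries markup.

```ruby
require 'cgi'

# Stand-in for ERB::Util.html_escape: a string already marked safe passes
# through untouched, anything else has & < > " ' escaped for HTML.
def html_escape(value)
  return value if value.is_a?(String) && value.html_safe?
  CGI.escapeHTML(value.to_s)
end

# Simplified model of ActiveSupport::SafeBuffer: a String that remembers it is
# trusted, and escapes every untrusted string that is appended to it.
class SafeBuffer < String
  def html_safe?
    true
  end

  def concat(other)
    super(html_escape(other))
  end
  alias << concat

  def +(other)
    SafeBuffer.new(to_s + html_escape(other))
  end
end

class String
  # Plain strings are untrusted; Rails 3 escapes them on output.
  def html_safe?
    false
  end

  # html_safe marks the string trusted without altering it: only use it on
  # markup you control, never on user-supplied content.
  def html_safe
    SafeBuffer.new(self)
  end
end

# The h helper: escape once and mark the result safe so it is not re-escaped.
def h(value)
  SafeBuffer.new(html_escape(value))
end

# Toy allowlist sanitizer (Rails' real sanitize parses the HTML instead):
# keeps the listed tags, removes every other tag (keeping its inner text) and
# drops all attributes, so no event-handler attribute can survive.
ALLOWED_TAGS = %w[p br b i em strong ul ol li].freeze

def sanitize(value)
  cleaned = value.to_s.gsub(%r{<\s*(/?)\s*([a-zA-Z0-9]+)[^>]*>}) do
    closing = Regexp.last_match(1)
    tag = Regexp.last_match(2).downcase
    ALLOWED_TAGS.include?(tag) ? "<#{closing}#{tag}>" : ''
  end
  SafeBuffer.new(cleaned)
end

# What <%= value %> does in a Rails 3 template: the output buffer is a
# SafeBuffer, so the value is escaped unless it is already marked safe.
def render(value)
  buffer = SafeBuffer.new('')
  buffer << value
  buffer.to_s
end

# Constructed sample of a migrated content field that carries markup.
DESC = '<p>Hello <b>world</b></p><p onclick="notify()">more</p>'

if __FILE__ == $PROGRAM_NAME
  puts render(DESC)             # escaped: the tags show up literally, as with <%=h %>
  puts render(DESC.html_safe)   # raw markup, onclick attribute and all
  puts render(sanitize(DESC))   # <p>Hello <b>world</b></p><p>more</p>
end
```

Running it shows why `<%=h @content.desc %>` displays the tags as text (h escapes, and so does a bare `<%= %>` of an untrusted string), why `html_safe` should only be used when the stored markup is fully under your control (it emits the attribute unchanged), and why `sanitize` is the option to reach for when the content field may contain markup you did not author.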


Rails 3 has changed HTML sanitisation to be enabled by default. If you're sure that the string you're rendering is safe, you can use

<%= @content.desc.html_safe %>


Unless I'm mistaken, you shouldn't have to sanitize the content before displaying it, as Rails 3 does that by default. More info here: http://yehudakatz.com/2010/02/01/safebuffers-and-rails-3-0/
