Hello ! first of all, thanks for writing this plugin :)
I just have one problem: when I do a <% form_for @object do |f| %>
and then an <%= f.label :some_method %> it throws an exception, even though from what I can see, the string should not be tainted, after all, it's just a label, and nothing should come out of the Database. is this normal ? how should I fix it ?
Ok, I just saw that everything that comes from I18n.t comes tainted. I'll just monkey-patch i18n.t to untaint strings.
Also consider using rails-xss from now on. This was a workaround to a lack of proper support in Rails 2.x. rails-xss is a backport of the Rails 3 support and is a more natural approach.