param-sanitizer

This gem allows you to sanitize request.

# application_controller.rb
before_filter :filter_params!

def filter_params!
  ParamSanitizer.instance.execute(params)
end

It strips all HTML tags from user input recursively.