In previous Rails versions, to prevent cross-site scripting (XSS), the h helper method had to be called explicitly to escape any output written to the response body; forgetting a single call left that output unescaped. The rails_xss plugin replaces the default ERB template handlers with erubis and switches the behavior to escape by default rather than requiring you to escape. This behavior is consistent with Rails 3.0. Install rails_xss using the following commands:

sudo gem install erubis
ruby script/plugin install git://
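The following Ruby script, added here as an illustration and not taken from rails_xss or Rails, contrasts the two template behaviors described above: a legacy handler where <%= %> is raw and h() must be called, and an escape-by-default handler that escapes every <%= %> unless the value is marked html_safe. SafeBuffer, View, render_legacy, render_xss_safe and the regex rewrite are simplified stand-ins for the plugin's erubis-based handler and ActiveSupport::SafeBuffer.

```ruby
require "erb"

# Minimal stand-in for ActiveSupport::SafeBuffer: a String trusted as HTML.
class SafeBuffer < String
  def html_safe?; true; end
end

class String
  def html_safe?; false; end
  def html_safe; SafeBuffer.new(self); end
end

# Constructed attacker-controlled value, e.g. a comment body read from the database.
UNTRUSTED = "<script>alert(1)</script>"

class View
  include ERB::Util # provides html_escape

  def initialize(comment)
    @comment = comment
  end

  # Explicit escape helper. It returns an html_safe string so that the
  # escape-by-default handler does not escape the same value a second time.
  def h(value)
    html_escape(value.to_s).html_safe
  end

  # Escape-by-default output: pass trusted markup through, escape everything else.
  def auto_escape(value)
    return value if value.respond_to?(:html_safe?) && value.html_safe?
    html_escape(value.to_s)
  end

  # Legacy handler: <%= %> emits the raw value, so the template must call h().
  def render_legacy(template)
    ERB.new(template).result(binding)
  end

  # rails_xss-style handler: rewrite every <%= expr %> so it is escaped unless the
  # expression yields an html_safe string. (Simplified regex rewrite for the demo;
  # the real handler does this inside erubis.)
  def render_xss_safe(template)
    rewritten = template.gsub(/<%=\s*(.+?)\s*%>/) { "<%= auto_escape(#{$1}) %>" }
    ERB.new(rewritten).result(binding)
  end
end

if $PROGRAM_NAME == __FILE__
  view = View.new(UNTRUSTED)
  puts view.render_legacy("<p><%= @comment %></p>")   # raw script tag: XSS
  puts view.render_xss_safe("<p><%= @comment %></p>") # escaped by default
end
```

Under the legacy handler the forgotten h() renders the script tag verbatim; under the rails_xss-style handler the same template is safe, an explicit h() is not double-escaped, and only values marked html_safe pass through unescaped.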