Please read for an updated status on RailsCasts:
Learn more or hide this
Update: as Santiago pointed out in the comments, it looks like XSS protection has been back-ported to Rails 2.3 and will be available in Rails 2.3.6.
<%= strong link_to(comment.name, comment.url) %>
<p><%= comment.content %></p>
# rails c
safe = "safe".html_safe