Rails 2.3 XSS Plugin

Rails Security | comments

This is not new to those closely watching updates regarding Rails development: for Rails 3 applications, there is no need to use the h() function to escape html for security reasons.