I never really understood XSS attacks, and I've learnt a lot from this blog, which talks about XSS attacks and how to check for them. Good read: http://www.jasonwieringa.com/Learning-About-XSS-Attacks-in-Rails/
So, one should always use sanitize as much as possible, and avoid using html_safe.
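As an added illustration of the point above (example code, not from the linked blog or from Rails itself): the difference between dropping untrusted input straight into markup, which is what marking a string html_safe does in a Rails view, and escaping it first. Rails' sanitize helper comes from the rails-html-sanitizer gem, so this example uses ERB::Util.html_escape from the Ruby standard library instead, which is the same escaping that Rails' <%= %> applies by default. The comment text and the helper names are constructed for the example.

```ruby
require 'erb'

# Constructed untrusted input: what a visitor might submit in a comment form.
UNTRUSTED_COMMENT = %q(<b>hi</b><script>alert(1)</script>)

# Unsafe rendering: the input is interpolated verbatim, so any markup it
# carries reaches the browser. This is the effect of calling html_safe (or
# raw) on data you did not produce yourself.
def render_unsafe(body)
  "<p class=\"comment\">#{body}</p>"
end

# Safe rendering: every HTML metacharacter (& < > " ') is escaped before
# interpolation, so the input is displayed as text rather than parsed as
# markup. Rails does this automatically for <%= %> unless the string has
# been marked html_safe.
def render_escaped(body)
  "<p class=\"comment\">#{ERB::Util.html_escape(body)}</p>"
end

# A small check a view test could run: rendered output must not contain a
# script element derived from user input.
def contains_script_tag?(html)
  html.match?(%r{<script\b}i)
end

if __FILE__ == $PROGRAM_NAME
  puts "unsafe:  #{render_unsafe(UNTRUSTED_COMMENT)}"
  puts "escaped: #{render_escaped(UNTRUSTED_COMMENT)}"
end
```

Escaping everything is the right default when user text only needs to be displayed. When some markup must survive (bold, links in a comment), that is the case for sanitize, which keeps an allowlist of tags and attributes and strips the rest; html_safe does neither and should be reserved for strings the application built itself.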