从Rails中清除JSON的最佳方法

RoR 3 automagically sanitizes ERB templates (when done correctly). However, I've got a little project where I'm using RoR for the application tier only and javascript for the presentation. So, typical request is ajax call to rails route and render returned json. Issue is it is currently possible for me to inject js, create a new product with title RoR 3 automagically sanitizes ERB templates (wh