Le markdown est fait avant un sanitize, offrant plus de sécurité vis a vis des attaques xss

app/views/events/show.html.haml

@@ -1,3 +1,7 @@
+%h2
+  %em= @event.city + ':'
+  = @event.title
+
 - if @event.persisted? && request.format == 'text/html' && controller.controller_name != 'moderations' && controller.controller_name != 'notes' && controller.action_name != 'edit' && controller.action_name != 'cancel'
   #lug-list
     %h1=t '.lug-list'
@@ -21,10 +25,6 @@
           %em.fa.fa-thumbs-down
           =t '.cancel'
 
-%h2
-  %em= @event.city + ':'
-  = @event.title
-
 %h3=t '.dateAndPlace'
 %p
   - if @event.same_day?
@@ -43,10 +43,10 @@
 
 %h3=t '.description'
 .description
-  :markdown
-    #{sanitize @event.description,
-      tags: %w(p br table tr td ul ol li a strong b em i img),
-      attributes: %w(href src width height)}
+  - markdown = Redcarpet::Markdown.new(Redcarpet::Render::HTML, autolink: true, tables: true)
+  = sanitize markdown.render(@event.description),
+    tags: %w(p br table tr td ul ol li a strong b em i img),
+    attributes: %w(href src width height)
 
 %h3=t '.infos'
 %p